In the Django Rest Framework SessionAuthentication documentation it says:
Warning: Always use Django's standard login view when creating login pages. This will ensure your login views are properly protected.
Why should I use Django's standard login views on login pages? If I would like to make my own login views (for example, in React, Vue or Angular), what should I take into account to make the view "as secure as Django's standard login view"?
Maybe it's a bit strangely worded. This is related to django.contrib.auth.views. Within these there is a login() function and this login function is meant as Django's standard login view.
The "How to log a user in" part of the Django documentation describes how login() should be used:
To log a user in, from a view, use login(). It takes an HttpRequest object and a User object. login() saves the user’s ID in the session, using Django’s session framework.
There is also a login example code:
    from django.contrib.auth import authenticate, login

    def my_view(request):
        username = request.POST['username']
        password = request.POST['password']
        user = authenticate(request, username=username, password=password)
        if user is not None:
            login(request, user)
            # Redirect to a success page.
            ...
        else:
            # Return an 'invalid login' error message.
            ...
You can still implement your own login system, but in most cases you will still be using Django's login() to actually log a user in. You can check login() source code here to see how it's implemented.