Using the Django authentication framework
Django comes with a built-in authentication framework that can handle user authentication, sessions, permissions, and user groups. The authentication system includes views for common user actions such as log in, log out, password change, and password reset.
The authentication framework is located at django.contrib.auth
and is used by other Django contrib
packages. Remember that you already used the authentication framework in Chapter 1, Building a Blog Application, to create a superuser for your blog application to access the administration site.
When you create a new Django project using the startproject
command, the authentication framework is included in the default settings of your project. It consists of the django.contrib.auth
application and the following two middleware classes found in the MIDDLEWARE
setting of your project:
AuthenticationMiddleware
: Associates users with requests using sessionsSessionMiddleware...