Authentication in web requests
Django uses sessions and middleware to hook the authentication system into
request objects. These provide a
request.user attribute on every request which represents the current user. If the current user has not logged in, this attribute will be set to an instance of
AnonymousUser, otherwise it will be an instance of
User. You can tell them apart with
is_authenticated(), like so:
if request.user.is_authenticated(): # Do something for authenticated users. else: # Do something for anonymous users.
How to log a user in
To log a user in, from a view, use
login(). It takes an
HttpRequest object and a
login() saves the user's ID in the session, using Django's session framework. Note that any data set during the ...