Django Login & Logout Tutorial
Adding login and logout to your Django application is very quick and doesn't require lots of custom code. However, it relies a lot on features built into Django, which can be confusing. I am going to show you the quickest way to log users in.
This is what we will need to do:
Register URLs
Add a template to
registration/login.htmlDefine a redirect URL in
settings.py
Why login can be confusing
You don't have to write your own view. The logic for checking the username and password, and creating a session uses code that has already been written by Django. By registering the URLs of Django's internal auth app matches requests to /login to a pre-existing view.
You do, however, need to provide a HTML template to render the login form. Django expects to see this in registration/login.html.
Code Example
The code for this tutorial can be found here.
Prerequisites
To follow this tutorial, you will need a Django project with the ability to register users.
If you're unsure how to create users, then please refer to my user registration tutorial. If you need help starting a Django project, then check out my tutorial on installing Django.
1. Register URLs
Django includes a package called "auth" (source code) that has lots of useful features for authenticating users.
The package includes URLs for logging users in, logging them out, and resetting a password (source). By including these URLs in your applications urls.py, you can add these features to your project without having to write your own views.
To add the URLs to your project, add the following line to urls.py (GitHub).
Option 1: Include all URLs from django.contrib.auth
urlpatterns = [
...
path("", include("django.contrib.auth.urls"))
]
Option 2: just include the Login path
from django.contrib.auth import views as auth_views
urlpatterns = [
...
path("login/", auth_views.LoginView.as_view(), name="login")
]
This means that when a user goes to /login, they will be able to see the login page.
Choose Option 1 if you also want to include password reset and don't need to customise any paths. Use Option 2 if you don't want password reset or you want to customise the path.
2. Add a Template
The auth app includes a view but you have to create your own template.
This template needs to include a login form. The form itself is provided by the view, so the template markup is very simple.
Create a folder called registration in your templates directory. Inside templates/registration, create a file called login.html.
This is the markup I used:
<h1>Login</h1>
<form method="post">
{% csrf_token %}
{{form.as_p}}
<input type="submit" value="Login">
</form>
What if you don't want to put the template in registration/login.html?
Django's auth app expects to see the template in templates/registration/login.html. If you want to put your template in another location, then you will need to define the template location in urls.py (source: Django docs).
# project_config/urls.py
from django.contrib.auth import views as auth_views
path('accounts/login/', auth_views.LoginView.as_view(template_name='users/login.html')),
3. Define a Redirect URL
The final step is to define what should happen after the user has been successfully logged in.
You can do this by defining the LOGIN_REDIRECT_URL in settings.py.
Add the following line to your settings.py to redirect logged-in users to the homepage.
LOGIN_REDIRECT_URL = "/"
You can supply an absolute URL or a URL pattern name.
4. Logout
To log users out, you will need to provide a URL and a LOGOUT_REDIRECT_URL.
URLs
If you chose Option 1 in Step 2 and imported all URLs from django.contrib.auth, you don't need to do anything.
If you haven't already included the logout URL, then you need to add it to urls.py
# project_config/urls.py
from django.contrib.auth import views as auth_views
urlpatterns = [
...
path("login/", auth_views.LoginView.as_view(), name="login")
path("logout/", auth_views.LogoutView.as_view(), name="logout")
]
No template is required because there isn't a form that the user has to fill out.
However, you will need to specify where logged-out users should be redirected to.
Redirect URL
Add a LOGOUT_REDIRECT_URL to settings.py
# project_config/settings.py
LOGOUT_REDIRECT_URL = "/"
Conclusion
We have covered how to log users in and out.
Our strategy makes full use of the django.contrib.auth app which means we don't have to write any custom code to check the user's credentials. Instead, we just need to import URLs; add a template, and define the redirect URLs.