Django comes with a robust authentication system that handles both authentication and authorization. In this post let's talk about two of its methods authenticate() and login().

authenticate()

The authenticate method is used to verify the user's credentials against the authentication backends defined in the project. it takes the user's credentials as arguments and returns user object if the credentials are valid and if the credentials are invalid then it returns None

login()

The login() function is used to create user sessions and log them in. It takes a HttpRequest object and a User object saves the user's ID in the session using Django’s session framework and sets a session cookie in the user's browser, allowing them to remain authenticated across different pages and requests.

Example to create a login_view using both methods

from django.contrib.auth import authenticate, login
from django.http import HttpResponse
from django.shortcuts import render
from django.contrib.auth.models import User

def login_view(request):
    if request.method == 'POST':
        username = request.POST['username']
        password = request.POST['password']
        user = authenticate(request, username=username, password=password)
        if user is not None:
            login(request, user)
            return HttpResponse("Logged in successfully")
        else:
            return HttpResponse("Authentication failed. Please try again.")

    return render(request, 'login.html')