Home/ Questions/Q 8930667
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-15T08:56:24+00:00

With normal Django user handeling, you would save a session to the user once

  • 0

With normal Django user handeling, you would save a session to the user once he/she is logged in. However, after reading the userena views.py file for signin, I couldn’t see how the user is tracked so that once they log in, the site would now they are logged in. I put the code from userena below:

def signin(request, auth_form=AuthenticationForm,
       template_name='userena/signin_form.html',
       redirect_field_name=REDIRECT_FIELD_NAME,
       redirect_signin_function=signin_redirect, extra_context=None):
"""
Signin using email or username with password.

Signs a user in by combining email/username with password. If the
combination is correct and the user :func:`is_active` the
:func:`redirect_signin_function` is called with the arguments
``REDIRECT_FIELD_NAME`` and an instance of the :class:`User` whois is
trying the login. The returned value of the function will be the URL that
is redirected to.

A user can also select to be remembered for ``USERENA_REMEMBER_DAYS``.

:param auth_form:
    Form to use for signing the user in. Defaults to the
    :class:`AuthenticationForm` supplied by userena.

:param template_name:
    String defining the name of the template to use. Defaults to
    ``userena/signin_form.html``.

:param redirect_field_name:
    Form field name which contains the value for a redirect to the
    successing page. Defaults to ``next`` and is set in
    ``REDIRECT_FIELD_NAME`` setting.

:param redirect_signin_function:
    Function which handles the redirect. This functions gets the value of
    ``REDIRECT_FIELD_NAME`` and the :class:`User` who has logged in. It
    must return a string which specifies the URI to redirect to.

:param extra_context:
    A dictionary containing extra variables that should be passed to the
    rendered template. The ``form`` key is always the ``auth_form``.

**Context**

``form``
    Form used for authentication supplied by ``auth_form``.

"""
form = auth_form

if request.method == 'POST':
    form = auth_form(request.POST, request.FILES)
    if form.is_valid():
        identification, password, remember_me = (form.cleaned_data['identification'],
                                                 form.cleaned_data['password'],
                                                 form.cleaned_data['remember_me'])
        user = authenticate(identification=identification,
                            password=password)
        if user.is_active:
            login(request, user)
            if remember_me:
                request.session.set_expiry(userena_settings.USERENA_REMEMBER_ME_DAYS[1] * 86400)
            else: request.session.set_expiry(0)

            if userena_settings.USERENA_USE_MESSAGES:
                messages.success(request, _('You have been signed in.'),
                                 fail_silently=True)

            # Whereto now?
            redirect_to = redirect_signin_function(
                request.REQUEST.get(redirect_field_name), user)
            return redirect(redirect_to)
        else:
            return redirect(reverse('userena_disabled',
                                    kwargs={'username': user.username}))

if not extra_context: extra_context = dict()
extra_context.update({
    'form': form,
    'next': request.REQUEST.get(redirect_field_name),
})
return ExtraContextTemplateView.as_view(template_name=template_name,
                                        extra_context=extra_context)(request)
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The user is first authenticated using

    user = authenticate(identification=identification,password=password)

    which can be found here https://github.com/django/django/blob/master/django/contrib/auth/backends.py
    This method checks if the user exists, and checks whether the password is correct.

    If all goes well, the login method is called

    login(request, user)

    which can be found here
    https://github.com/django/django/blob/master/django/contrib/auth/views.py

    As you can see, these are two methods that are shipped with Django, and act as the sort of ‘default’ authentication package for Django.

    Your site knows that a user is logged in because you’ll probably be using Middleware (specifically SessionMiddleware and AuthenticationMiddleware), which attach a session and a user object to the request. The login method mentioned above saves the user ID to the session.

    For more details see https://docs.djangoproject.com/en/dev/topics/auth/#authentication-in-web-requests

    Concerning your comment:

    You could render your template using RequestContext, or have your views return a TemplateResponse.
    See https://docs.djangoproject.com/en/dev/ref/template-response/#using-templateresponse-and-simpletemplateresponse

    This passes the user object to the template processor.
    Then, in your template you could do something like this:

    {% if user.is_authenticated %}
 <p>Welcome {{ user.first_name }}</p>
{% else %}
 <p>Please log in</p>
{% endif %}

    Also see https://docs.djangoproject.com/en/dev/topics/auth/#id8

    In my opinion it is indeed very well possible to put a modified version of this in your base.html. For example to show a login button if the user is not logged in, and replace it by a button that brings the user to his/her profile page when the user is logged in.

    • 0