Episode 22 of 32

Logging Users In

Authenticate users and create sessions — validate credentials with AuthenticationForm, call login() to start a session.

Now let us handle the POST request — validate the credentials and log the user in by creating a session.

Updated Login View

# accounts/views.py
from django.shortcuts import render, redirect
from django.contrib.auth import login
from django.contrib.auth.forms import AuthenticationForm

def login_view(request):
    if request.method == 'POST':
        form = AuthenticationForm(data=request.POST)
        if form.is_valid():
            # is_valid() already checked the credentials; fetch that user
            user = form.get_user()
            # Log them in (create session)
            login(request, user)
            return redirect('articles:list')
    else:
        form = AuthenticationForm()
    return render(request, 'accounts/login.html', {
        'form': form
    })

The Flow

POST /accounts/login/
    ↓
AuthenticationForm validates credentials
    ↓
form.get_user() returns the authenticated user
    ↓
login(request, user) creates a session
    ↓
redirect to articles list

What login() Does

login(request, user)

# Internally:
# 1. Creates a session in the database
# 2. Sends a session cookie to the browser
# 3. Subsequent requests include the cookie
# 4. Django sets request.user to the logged-in user
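
A simplified standard-library model of the steps above, added here as an example (it is not Django's source and not code from this tutorial). It also shows that login() issues a fresh session key, so a cookie value known before login stops working. SESSIONS, USERS, check_credentials and request_user are hypothetical names, and the sample account is constructed.

```python
import hashlib
import hmac
import secrets

# Simplified model, not Django's implementation. All names are hypothetical.
SESSIONS = {}                      # server-side store: session key -> data
_SALT = secrets.token_bytes(16)

def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)

USERS = {"alice": _hash("constructed-pass-1")}   # constructed sample account

def check_credentials(username, password):
    """Stand-in for form.is_valid(): True only for a matching password."""
    stored = USERS.get(username)
    return stored is not None and hmac.compare_digest(stored, _hash(password))

def login(old_key, username):
    """Model of login(): bind the user to a session under a NEW key."""
    data = SESSIONS.pop(old_key, {})           # pre-login key stops working
    if data.get("_auth_user_id") not in (None, username):
        data = {}                              # another user's data is dropped
    data["_auth_user_id"] = username
    new_key = secrets.token_urlsafe(32)        # value sent as the cookie
    SESSIONS[new_key] = data
    return new_key

def request_user(cookie):
    """What later requests see: the user for this cookie, or None."""
    return SESSIONS.get(cookie, {}).get("_auth_user_id")

def login_view(method, post, cookie=None):
    """Mirror of the view above: returns (response, cookie to set)."""
    if method == "POST" and check_credentials(post.get("username", ""),
                                              post.get("password", "")):
        return "redirect articles:list", login(cookie, post["username"])
    return "render accounts/login.html", cookie
```

Rotating the key at login is what defeats session fixation: a session key planted in the browser before authentication never becomes an authenticated one.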

Key Takeaways

  • AuthenticationForm(data=request.POST) validates username and password
  • form.get_user() returns the authenticated user object
  • login(request, user) creates a session — the user stays logged in
  • After login, request.user is the logged-in user on all subsequent requests