Login, Logout & Password Management
Django provides built-in views for login, logout, password change, and password reset. You can use them directly with custom templates or write your own views using authenticate() and login() functions.
20 min•By Priygop Team•Updated 2026
Auth Functions & Views
- authenticate(username, password) — Verify credentials, return User or None
- login(request, user) — Create session for the user
- logout(request) — Destroy the session
- LoginView — Built-in class-based login view
- LogoutView — Built-in logout view
- PasswordChangeView — Change password (logged-in user)
- PasswordResetView — Send reset email (forgot password)
- LOGIN_URL, LOGIN_REDIRECT_URL in settings.py
Login/Logout Implementation
Login/Logout Implementation
# accounts/views.py — Custom login view
# from django.contrib.auth import authenticate, login, logout
# from django.contrib.auth.forms import AuthenticationForm
# def login_view(request):
# if request.method == 'POST':
# form = AuthenticationForm(request, data=request.POST)
# if form.is_valid():
# username = form.cleaned_data['username']
# password = form.cleaned_data['password']
# user = authenticate(request, username=username, password=password)
# if user is not None:
# login(request, user)
# messages.success(request, f'Welcome, {username}!')
# next_url = request.GET.get('next', '/')
# return redirect(next_url)
# else:
# form = AuthenticationForm()
# return render(request, 'accounts/login.html', {'form': form})
# def logout_view(request):
# logout(request)
# messages.info(request, 'You have been logged out.')
# return redirect('home')
# Using built-in views (simpler approach)
# accounts/urls.py
# from django.contrib.auth import views as auth_views
# urlpatterns = [
# path('login/', auth_views.LoginView.as_view(
# template_name='accounts/login.html'
# ), name='login'),
# path('logout/', auth_views.LogoutView.as_view(), name='logout'),
# path('password-change/', auth_views.PasswordChangeView.as_view(
# template_name='accounts/password_change.html'
# ), name='password-change'),
# ]
# settings.py
# LOGIN_URL = '/accounts/login/'
# LOGIN_REDIRECT_URL = '/'
# LOGOUT_REDIRECT_URL = '/'Tip
Tip
Use @login_required decorator for FBVs and LoginRequiredMixin for CBVs. Set LOGIN_URL in settings for redirect behavior.
Diagram
Loading diagram…
QuerySets are LAZY — no DB hit until evaluated.
Common Mistake
Warning
Not using authenticate() before login(). authenticate() verifies credentials and returns user object or None.
Practice Task
Note
(1) Add @login_required to a view. (2) Test access when logged out. (3) Configure LOGIN_REDIRECT_URL.
Quick Quiz
Key Takeaways
- Django provides built-in views for login, logout, password change, and password reset.
- authenticate(username, password) — Verify credentials, return User or None
- login(request, user) — Create session for the user
- logout(request) — Destroy the session