Authentication introduction

Last reviewed Jun 1, 2026 Content v20260601

Track mode: server_script
Means: Server runner
Reading: ~1 min
Level: intermediate

This lesson

An orientation to the Django track—how the server playground works, core vocabulary, and what you will practice next.

You need a clear map of the Django track so MVT, the ORM, and project layout do not feel like magic.

You will apply Authentication introduction in contexts like: Registration, login, profile settings, and permissioned workflows.

Write Python 3 in the editor and click Run on server—the dev runner executes your script; Django framework lessons also use local startproject for full MVT (LEARNING_RUNNER_ENABLED=true). Also read the interview prep blocks.

After HTML fundamentals and basic programming concepts—before or alongside SQL.

Django ships a user model, login/logout views, password hashing, and permissions—django.contrib.auth. Most apps extend or replace the default User model early.

Essentials

User model — username/email, password hash, is_staff, is_superuser
@login_required decorator — redirect anonymous users
LoginRequiredMixin for CBVs
request.user — current user (AnonymousUser if logged out)

Password security

Never store plain passwords—Django uses PBKDF2/bcrypt/argon2. Use create_user() and set_password(), not manual hashing in views.

Important interview questions and answers

Q: AUTH_USER_MODEL?
A: Setting pointing to custom user model—must set before first migrate.
Q: Session vs JWT?
A: Django default is session cookie + server session store; JWT common for SPA/mobile with DRF.
Q: Permission checks?
A: user.has_perm('app.change_article') or decorators/mixins—prefer permissions over hard-coded group names.

Self-check

How do you protect a view for logged-in users only?
Why never save passwords as plain text?

Pitfall: Set AUTH_USER_MODEL before your first migrate if you need a custom user—changing later is painful.

Interview prep

Session vs JWT in Django?: Default auth uses session cookies and server-side sessions; JWT is common with DRF for SPAs and mobile clients.

Interview tip Lesson completion confidence

Can you explain this lesson in 30 seconds without reading notes?

Self-reflection (saved on this device)

Not saved yet.

Playground

Runs on the configured server runner (dev: npm run runner with LEARNING_RUNNER_ENABLED=true). Output appears below the editor.

Code runner not available

Server runner is disabled. Set LEARNING_RUNNER_ENABLED=true and LEARNING_RUNNER_URL in .env (see .env.example).

Check yourself

Multiple choice — immediate feedback.

Discussion

Past discussion is visible to everyone. Only logged-in users can post comments and replies.

Starter discussion topics

User model extend?
Permission on view?

No discussion yet. Be the first to ask a question.