class AuthenticationMiddleware Adds the user attribute, representing the currently-logged-in user, to every incoming HttpRequest object. See Authentication in Web requests.

class AccessMixin New in Django 1.9. login_url Default return value for get_login_url(). Defaults to None in which case get_login_url() falls back to settings.LOGIN_URL. permission_denied_message Default return value for get_permission_denied_message(). Defaults to an empty string. redirect_field_name Default return value for get_redirect_field_name(). Defaults to "next". raise_exception If this attribute is set to True, a PermissionDenied exception will be raised inst

get_permission_denied_message() When raise_exception is True, this method can be used to control the error message passed to the error handler for display to the user. Returns the permission_denied_message attribute by default.

get_login_url() Returns the URL that users who don’t pass the test will be redirected to. Returns login_url if set, or settings.LOGIN_URL otherwise.

class PersistentRemoteUserMiddleware New in Django 1.9. Middleware for utilizing Web server provided authentication when enabled only on the login page. See Using REMOTE_USER on login pages only for usage details.

class RemoteUserMiddleware Middleware for utilizing Web server provided authentication. See Authentication using REMOTE_USER for usage details.

logout(request) [source] To log out a user who has been logged in via django.contrib.auth.login(), use django.contrib.auth.logout() within your view. It takes an HttpRequest object and has no return value. Example: from django.contrib.auth import logout def logout_view(request): logout(request) # Redirect to a success page. Note that logout() doesn’t throw any errors if the user wasn’t logged in. When you call logout(), the session data for the current request is completely cleaned

make_password(password, salt=None, hasher='default') [source] Creates a hashed password in the format used by this application. It takes one mandatory argument: the password in plain-text. Optionally, you can provide a salt and a hashing algorithm to use, if you don’t want to use the defaults (first entry of PASSWORD_HASHERS setting). See Included hashers for the algorithm name of each hasher. If the password argument is None, an unusable password is returned (a one that will be never accept

login(request, user, backend=None) [source] To log a user in, from a view, use login(). It takes an HttpRequest object and a User object. login() saves the user’s ID in the session, using Django’s session framework. Note that any data set during the anonymous session is retained in the session after a user logs in. This example shows how you might use both authenticate() and login(): from django.contrib.auth import authenticate, login def my_view(request): username = request.POST['usern

is_active Returns True if the user account is currently active.