{"id":119328,"date":"2024-11-26T09:31:55","date_gmt":"2024-11-26T09:31:55","guid":{"rendered":"\/tutorials\/?p=119328"},"modified":"2025-05-22T07:40:13","modified_gmt":"2025-05-22T07:40:13","slug":"django-user-model","status":"publish","type":"post","link":"\/tutorials\/django-user-model","title":{"rendered":"Django user model: What it is, how to use it and more"},"content":{"rendered":"

The Django User <\/strong>model provides a <\/span>solid foundation for managing users, securing content, and controlling access to your web applications. As you develop more dynamic and complex projects with Django, these models enable you to implement user authentication and authorization efficiently and securely.<\/p>

In this article, we’ll explain what the Django User<\/strong> model is, how to set it up, and how to customize it to suit your needs. We’ll also discuss user permissions and authorization to provide strong application security.<\/p>

\n\n\n\n\n\n\n<\/p>

What is Django User model?<\/h2>

Django’s built-in authentication system centers around the User model, which manages user accounts, permissions, and essential authentication tasks like login, logout, and password management. <\/p>

This model comes ready to use, simplifying user management and security for your application.<\/p>

Django provides authentication views and tools that cover most needs. If your project requires custom user registration or specific behaviors, you can extend the User model or add tailored functionality to fit your application’s unique requirements.<\/p>

Overview of user authentication features<\/h3>

The default Django User<\/strong> model includes essential features for user authentication and management, such as fields for username, password, email, and permissions (like is_staff<\/strong> and is_superuser<\/strong> flags).<\/p>

It provides built-in methods for password hashing and integrates with Django’s authentication framework to handle login, logout, and access control. Combined with the permissions and session frameworks, it simplifies managing user sessions and roles securely.<\/p>

How to use the default Django User model?<\/h2>

Choosing the default User<\/strong> model over a custom one can speed up development, as it offers ready-made features like authentication, permissions, and password management without requiring extra setup.<\/p>

This makes it a great choice for projects with simple user requirements.<\/p>

Set up user login and logout<\/h3>

Django’s built-in views<\/a> in django.contrib.auth.views<\/strong> make it easy to implement login and logout functionality. The LoginView<\/strong> and LogoutView<\/strong> handle the authentication process, reducing the need for custom code and simplifying these operations.<\/p>

    \n
  1. Set up URLs for login and logout<\/strong><\/li>\n<\/ol>

    Edit your urls.py<\/strong> file:<\/p>

    from django.urls import path\nfrom django.contrib.auth import views as auth_views\n\nurlpatterns = [\n    path('login\/', auth_views.LoginView.as_view(), name='login'),\n    path('logout\/', auth_views.LogoutView.as_view(), name='logout'),\n]<\/pre>
    The URL pattern<\/a> \/login\/<\/strong> is mapped to LoginView<\/strong>, which handles user login by displaying a login form and processing authentication.<\/p>
    Meanwhile, \/logout\/<\/strong> is mapped to LogoutView<\/strong>, which logs the user out, clears the session, and redirects them to the specified page.<\/p>
      \n
    1. Create a login form template<\/strong><\/li>\n<\/ol>
      You can create a simple login template (login.html<\/strong>) inside your app’s templates<\/strong> directory:<\/p>
      <form method=\"post\" action=\"{% url 'login' %}\">\n    {% csrf_token %}\n    <div>\n        <label for=\"username\">Username:<\/label>\n        <input type=\"text\" id=\"username\" name=\"username\" required>\n    <\/div>\n    <div>\n        <label for=\"password\">Password:<\/label>\n        <input type=\"password\" id=\"password\" name=\"password\" required>\n    <\/div>\n    {% if form.non_field_errors %}\n        <div class=\"error\">\n            {{ form.non_field_errors }}\n        <\/div>\n    {% endif %}\n    <button type=\"submit\">Login<\/button>\n<\/form><\/pre>
      This template serves as a user interface for submitting login credentials. When paired with Django’s built-in LoginView<\/strong>, it processes the username and password to authenticate the user.<\/p>
        \n
      1. Create logout<\/strong><\/li>\n<\/ol>
        You don’t need a separate template to log out, as Django’s LogoutView<\/strong> handles it automatically. It clears the user session and redirects to the page defined in the LOGOUT_REDIRECT_URL<\/strong> setting, or a specified next_page<\/strong>.<\/p>
        To do so, simply add a logout link in your template:<\/p>
        <a href=\"{% url 'logout' %}\">Logout<\/a><\/pre>
        Create user registration with UserCreationForm<\/h3>
        Django doesn’t provide a built-in registration view by default, but you can create one using UserCreationForm<\/strong>. This Django form, provided in django.contrib.auth.forms<\/strong>, includes fields for username<\/strong>, password1<\/strong>, and password2<\/strong>, and handles validation for creating a new user.<\/p>
          \n
        1. Create a registration view<\/strong><\/li>\n<\/ol>
          In your views.py <\/strong>file, add:<\/p>
          from django.shortcuts import render, redirect\nfrom django.contrib.auth.forms import UserCreationForm\nfrom django.contrib.auth import login\nfrom django.contrib import messages\n\ndef register(request):\n    if request.method == 'POST':\n        form = UserCreationForm(request.POST)\n        if form.is_valid():\n            user = form.save()\n            login(request, user)\n            messages.success(request, \"Registration successful. Welcome!\")\n            return redirect('home')\n        else:\n            messages.error(request, \"Registration failed. Please check the form for errors.\")\n    else:\n        form = UserCreationForm()\n    return render(request, 'register.html', {'form': form})\n<\/pre>
            \n
          1. Set up the URL for registration<\/strong><\/li>\n<\/ol>
            Include these lines in urls.py<\/strong>:<\/p>
            from django.urls import path\nfrom . import views  # Import your views module\n\nurlpatterns = [\n    path('register\/', views.register, name='register'),\n]\n<\/pre>
              \n
            1. Create the registration form template<\/strong><\/li>\n<\/ol>
              For the register.html <\/strong>file, include:<\/p>
              <form method=\"post\">\n    {% csrf_token %}\n    {{ form.as_p }}\n    <button type=\"submit\">Register<\/button>\n<\/form>\n<\/pre>
              This template displays a simple form rendered from Django’s UserCreationForm<\/strong>. When paired with the registration view, it lets users create an account.<\/p>
              After successful registration, if the view includes a login step, users are automatically logged in and redirected to the specified page.<\/p>
              Manage user sessions<\/h3>
              Once users are logged in, manage their sessions to maintain security and ensure a smooth user experience.<\/p>
              Django uses the session framework to store data about each user’s session on the server. This includes whether the user is logged in, their authentication state, and any additional session data you choose to save.<\/p>
                \n
              1. Access and modify session data<\/strong><\/li>\n<\/ol>
                Store, retrieve, and delete session data in Django views using the request.session dictionary-like object:<\/p>
                from django.shortcuts import render\n\ndef user_dashboard(request):\n    # Store data in session\n    request.session['welcome_message'] = 'Welcome back!'\n    \n    # Retrieve data from session\n    welcome_message = request.session.get('welcome_message', 'Hello, User!')\n\n    # Remove data from session\n    if 'welcome_message' in request.session:\n        del request.session['welcome_message']\n\n    return render(request, 'dashboard.html', {'message': welcome_message})<\/pre>
                  \n
                1. Customize session data<\/strong><\/li>\n<\/ol>
                  Control session behavior by configuring the following settings in settings.py<\/strong>:<\/p>