Session Authentication in Django Rest Framework?

Md Sadiqul Islam
2 min read · Mar 1, 2023

Session authentication is one of the authentication schemes available in Django Rest Framework (DRF). It allows users to authenticate with their credentials, such as username and password, and uses server-side sessions to keep track of their authentication status. Here’s when, why, and how you should use session authentication in DRF:

When to use session authentication:

  • When you want to build a web application that requires authentication and you need to maintain user sessions.
  • When you want to leverage Django’s built-in authentication system for DRF.
  • When you want to allow users to stay logged in and maintain their authentication status across multiple requests.

Why use session authentication:

  • It’s easy to set up and use since it’s built into Django.
  • It’s widely used and understood by developers.
  • It allows users to stay logged in and maintain their authentication status across multiple requests.
  • It provides a secure way of authenticating users since the session state is kept on the server and the client only holds a session ID.

How to use session authentication in DRF:

  • First, you need to add the rest_framework.authentication.SessionAuthentication class to the DEFAULT_AUTHENTICATION_CLASSES setting in your Django settings file.
  • Next, you need to make sure that the django.contrib.sessions.middleware.SessionMiddleware middleware is added to the MIDDLEWARE setting in your Django settings file.
  • Finally, you can use the @api_view decorator or APIView class-based view to create views that require authentication. When a user logs in, a session is created on the server side and a session ID is stored in a cookie on the client side. On subsequent requests, DRF will check if the session ID in the cookie matches a session on the server side to determine if the user is authenticated.
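The login, lookup and logout flow from the last step, as an added example that is not part of the original post and is not Django's or DRF's code. It is a toy in-memory model: `SESSIONS`, `start_session`, `end_session` and `handle` are hypothetical names, and keeping the CSRF token per session is a simplification. It also reflects two DRF behaviours worth knowing: SessionAuthentication requires a valid CSRF token on unsafe methods, and unauthenticated requests get a 403.

```python
import hmac
import secrets

# Toy in-memory model of the flow; every name here is hypothetical,
# none of it is Django's or DRF's own code.
SESSIONS = {}  # session ID -> {"user", "csrf"}; this state lives only on the server
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def start_session(username, old_sid=None):
    """Call after credentials were verified; returns the new cookie value."""
    SESSIONS.pop(old_sid, None)          # discard any pre-login ID (session fixation)
    sid = secrets.token_urlsafe(32)      # unguessable and carries no user data
    SESSIONS[sid] = {"user": username, "csrf": secrets.token_urlsafe(32)}
    return sid


def end_session(sid):
    """Logout: delete the server-side record so the cookie value stops working."""
    SESSIONS.pop(sid, None)


def handle(method, cookies, headers=None):
    """Return (status, user) for a view that requires an authenticated user."""
    session = SESSIONS.get(cookies.get("sessionid", ""))
    if session is None:
        return 403, None                 # missing, unknown or logged-out session ID
    if method not in SAFE_METHODS:
        # Browsers attach cookies automatically, so a state-changing request
        # must also carry the CSRF token tied to this session.
        sent = (headers or {}).get("X-CSRFToken", "")
        if not hmac.compare_digest(sent.encode(), session["csrf"].encode()):
            return 403, None
    return 200, session["user"]
```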

Here’s an example of using session authentication with a function-based view:

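from rest_framework.authentication import SessionAuthentication
from rest_framework.decorators import api_view, authentication_classes, permission_classes
from rest_framework.permissions import IsAuthenticated
from rest_framework.response import Response


@api_view(['GET'])
@authentication_classes([SessionAuthentication])
@permission_classes([IsAuthenticated])  # without this, DRF's default AllowAny lets anonymous requests through
def my_view(request):
    # Only authenticated users can access this view
    # Access the authenticated user with request.user
    return Response({'message': 'Hello, authenticated user!'})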

In summary, you should use session authentication in DRF when you want to build a web application that requires authentication and needs to maintain user sessions. It’s easy to set up and use, widely used and understood by developers, and provides a secure way of authenticating users.
