So now we're going to take a look at what we do with Django to handle logging users into and out of our application. So just we talked about sessions recently and making a session is not the same as being logged in. Logging in actually changes data in the session. Logging in, in general, the most basic way of logging in depends on the existence of a session. And logging in as putting data into the session about the current user and their name, their email, and then logging out as removing it. In the session, you could have multiple users login with one user logout, login with a different user logout. If you're just in the same browser, you're going to end up with the same session just associated with different users. So remember, sessions and log in are not the same thing. Just like cookies and sessions are not the same thing sessions and login are not the same thing. But they all build on each other, sessions built on cookies and login builds on sessions. So to make this all work, you have to add to your installed apps, all the Django support for all this login and logout stuff. Now if you automatically built your project and you got to settings.py that they're going to just put this in automatically. So this is just so you know when you're looking at it, where it is that all this magic functionality comes from? It comes from this installed apps. Also for the login and logout, you're going to have to add a path to your project wide. So dj4e-samples/dj4e-samples/urls.py. This is not in any of your applications. This is in your Django project and you add a path and there's a bunch of URLs and that gets all registered and a whole bunch of wonderful magic happens at that point. And so that's how these urls are activated in your Django project, so that your applications. So the way we get the urls to the login and logout features is we use the reverse. We've been using reverse all along, reverse is the way we look up for a particular view. And at the in some urls.py, matter of fact, in that django contrib off urls in that there is a name equals. And so there's a view in there that they've got that we didn't write. And then has a name equals, and has name equals login, and name equals logout. And so we can do a reverse lookup like we would have any of our views that we might have. Say where what is give me the url in this django project for the view named login or the view named logout. And it's pretty simple, you could even probably hard code these. But maybe the route isn't exactly account slash, right. And so maybe you call them something else. So that's why we use the reverse to look these things up. And so that's just a convenient way of doing it. Now, one of the things about logging in, is sometimes you have an application and there's like a login button. But sometimes you just have pages, that are protected by login. And then, when you go to a page, it says, wait, you got to login, first. And then after you log in, you'll notice it typically just takes you right back to the page that you want it to see. So you might bookmark a page, when you're logged in, and then you log out and then you click on that bookmark page, but that requires that you be logged in. So you're going to go to the page and then when you're done logging in, we want to come right back to that page. And so that's using redirecting, but it's redirecting after login is successful or after logout is successful. Log outs are almost always successful. And so there's a parameter that we can add a get parameter that we can add, and it's the next equals in what we do is we give it a path. And so here's a little bit of code that we're going to play with, in my sample codes under the authz application. And so I got a bunch of views and I'm going to give them some names so that we can play with them. So these are just the urls.py. So if you take a look in this main.html template, you see a whole bunch of things you see this next feature in action. So here's a couple things we can do. So there is this user object that in a sense is passed in. You don't have to do anything to pass it in. There's this user object that sits there in your template context that's automatically and we'll talk later about how you can sort of inject into every template, certain little things that you got to inject. But the system injects this user, there is an attribute called is authenticated, which is true or false. To say whether you're not logged in or are logged in. And so if we see it we say, what's their person's full name, user dot email user.id. This user id is the primary key we might actually have, later we'll have a foreign key that goes into the user table. And we need to know what the primary key of the current user is. So we can populate our foreign key, so when we like have a row and it's owned by such and so we're going to actually put a foreign key into a table that we didn't even create. But the thing I'm talking about now is you can get a url, that url tag that's looking up a name of a view. Logout is the name of a view, log in as the name of a view. And then we have this question mark next equals, that's the parameter to say when you're all done with that login or logout, go back to this particular url. Okay, and so that says go to the URL that's in the authz application, the view named open. And so that's one way of doing it. Another way, let's say on login, we're going to get the login URL and send ourselves back to the request.path. Request is another one of these things that's dropped in automatically for us. That is the current URL of the viewer at. So in a sense, this is a contraction that says go ahead and go to login and when you're back, come right back here. So login will login and then redirect back to this page that we're on whatever the page is, because this is going to be this little main.HTML is used in a couple of my different views. So request.path is like, come back here, so that's a good pattern to know, to just say login and come back to this current path, when you're all done. And so here's just a bunch of connections to this thing. And here's just all my links and I have a couple of things I have some no login required pages, just to play around and then. And then I have one that's protected by hand in Python and then once required by a login mix in, and then I sort of dump all that data and I think I showed you that one already. So here is one of them, right? I showed that, that's what this all looks like. You can see that these links have the next in there, this is how it turns out to be get accounts login. Come back, come back, you go to accounts login next equals authz open and that's basically I'm in this file right now. I'm in that URL and that says go ahead and log me in and then come back to this URL, to the authz open. Here's an example of a logout URL with a next setup in it. And so up next, we're going to talk about not just how to get the users to go to the login page, but how to configure the login page. [MUSIC]
