🔒 Django Authentication System from Scratch (Login, Logout, Signup)
Introduction
User authentication is a fundamental part of any modern web application. Whether you're building a blog, e-commerce store, or social network, you need a secure way for users to log in and manage their accounts.
In this guide, you’ll learn how to create a simple but functional authentication system in Django — including user registration (signup), login, and logout.
Prerequisites
Before you begin, make sure:
-
You have Python 3.x and Django installed
Install Django (if not yet installed):pip install django -
You have a basic Django project and app already created.
If not, run:django-admin startproject authproject cd authproject python manage.py startapp accounts
Then, add 'accounts' to your INSTALLED_APPS in settings.py.
Step 1: Set Up URLs
In authproject/urls.py
from django.contrib import admin
from django.urls import path, include
urlpatterns = [
path('admin/', admin.site.urls),
path('accounts/', include('accounts.urls')),
]
In accounts/urls.py
Create this file inside your accounts app:
from django.urls import path
from . import views
urlpatterns = [
path('signup/', views.signup_view, name='signup'),
path('login/', views.login_view, name='login'),
path('logout/', views.logout_view, name='logout'),
]
Step 2: Create Views
In accounts/views.py:
from django.shortcuts import render, redirect
from django.contrib.auth.forms import UserCreationForm, AuthenticationForm
from django.contrib.auth import login, logout
def signup_view(request):
if request.method == 'POST':
form = UserCreationForm(request.POST)
if form.is_valid():
user = form.save()
login(request, user)
return redirect('/')
else:
form = UserCreationForm()
return render(request, 'accounts/signup.html', {'form': form})
def login_view(request):
if request.method == 'POST':
form = AuthenticationForm(data=request.POST)
if form.is_valid():
user = form.get_user()
login(request, user)
return redirect('/')
else:
form = AuthenticationForm()
return render(request, 'accounts/login.html', {'form': form})
def logout_view(request):
if request.method == 'POST':
logout(request)
return redirect('/')
Step 3: Create Templates
Create a templates/accounts/ folder inside your app and add the following:
signup.html
<h2>Sign Up</h2>
<form method="POST">
{% csrf_token %}
{{ form.as_p }}
<button type="submit">Sign Up</button>
</form>
login.html
<h2>Login</h2>
<form method="POST">
{% csrf_token %}
{{ form.as_p }}
<button type="submit">Login</button>
</form>
Step 4: Add Logout Button
In your base template or homepage, add a logout form:
{% if user.is_authenticated %}
<form method="POST" action="{% url 'logout' %}">
{% csrf_token %}
<button type="submit">Logout</button>
</form>
{% endif %}
Step 5: Protect Pages with Login
You can protect views by adding the login-required decorator:
from django.contrib.auth.decorators import login_required
@login_required
def dashboard(request):
return render(request, 'dashboard.html')
Also, set the login redirect URL in settings.py:
LOGIN_URL = '/accounts/login/'
Conclusion
You now have a fully functional authentication system in Django — built from scratch! Users can sign up, log in, and log out. You’ve learned how to:
-
Use Django’s built-in authentication forms
-
Secure routes with decorators
-
Render and protect user data
✅ You can now build on this foundation by adding user profiles, password resets, and more.
