Web Development
Reader small image

You're reading from  Web Development with Django

Product typeBook
Published inFeb 2021
Reading LevelIntermediate
PublisherPackt
ISBN-139781839212505
Edition1st Edition
Languages
Python
Tools
Django
Concepts
Web Programming
Right arrow
Authors (5):
Ben Shaw
Ben Shaw
author image
Ben Shaw

Ben Shaw is a software engineer based in Auckland, New Zealand. He has worked as a developer for over 14 years and has been building websites with Django since 2007. In that time, his experience has helped many different types of companies, ranging in size from start-ups to large enterprises. He is also interested in machine learning, data science, automating deployments, and DevOps. When not programming, Ben enjoys outdoor sports and spending time with his partner and son.
Read more about Ben Shaw

Saurabh Badhwar
Saurabh Badhwar
author image
Saurabh Badhwar

Saurabh Badhwar is an infrastructure engineer who works on building tools and frameworks that enhance developer productivity. A major part of his work involves using Python to develop services that scale to thousands of concurrent users. He is currently employed at LinkedIn and works on infrastructure performance tools and services.
Read more about Saurabh Badhwar

Andrew Bird
Andrew Bird
author image
Andrew Bird

Andrew Bird is the data and analytics manager of Vesparum Capital. He leads the software and data science teams at Vesparum, overseeing full-stack web development in Django/React. He is an Australian actuary (FIAA, CERA) who has previously worked with Deloitte Consulting in financial services. Andrew also currently works as a full-stack developer for Draftable Pvt. Ltd. He manages the ongoing development of the donation portal for the Effective Altruism Australia website on a voluntary basis. Andrew has also co-written one of our bestselling titles, "The Python Workshop".
Read more about Andrew Bird

Bharath Chandra K S
Bharath Chandra K S
author image
Bharath Chandra K S

Bharath Chandra K S lives in Sydney, Australia, and has over 14 years of software industry experience. He is very passionate about software development on the Python stack, including frameworks such as Flask and Django. He has experience working with both monolithic and microservice architectures and has built various public-facing applications and data processing backend systems. When not cooking up software applications, he likes to cook some nice food.
Read more about Bharath Chandra K S

Chris Guest
Chris Guest
author image
Chris Guest

Chris Guest is based in Melbourne and started programming in Python 24 years ago, when it was an obscure academic language. He has since used his Python knowledge in the publishing, hospitality, medical, academic and financial sectors. Throughout his career, he has worked with many Python web development frameworks, including Zope, TurboGears, web2py, and Flask, although he still prefers Django.
Read more about Chris Guest

View More author details
Right arrow

9. Sessions and Authentication

Overview

This chapter begins with a brief introduction to middleware before delving into the concepts of authentication models and session engines. You will implement Django's authentication model to restrict permissions to only a specific set of users. Then, you will see how you can leverage Django authentication to provide a flexible approach to application security. After that, you will learn how Django supports multiple session engines to retain user data. By the end of the chapter, you will be proficient at using sessions to retain information on past user interactions and to maintain user preferences for when pages are revisited.

Introduction

Up until now, we have used Django to develop dynamic applications that allow users to interact with application models, but we have not attempted to secure these applications from unwanted use. For example, our Bookr app allows unauthenticated users to add reviews and upload media. This is a critical security issue for any online web app as it leaves the site open to the posting of spam or other inappropriate material and the vandalism of existing content. We want the creation and modification of content to be strictly limited to authenticated users who have registered with the site.

The authentication app supplies Django with the models for representing users, groups, and permissions. It also provides middleware, utility functions, decorators, and mixins that help integrate user authentication into our apps. Furthermore, the authentication app allows grouping and naming certain sets of users.

In Chapter 4, Introduction to Django Admin, we used the Admin app to...

Middleware

In Chapter 3, URL Mapping, Views, and Templates, we discussed Django's implementation of the request/response process along with its view and rendering functionality. In addition to these, another feature that plays an extremely important role when it comes to Django's core web processing is middleware. Django's middleware refers to a variety of software components that intervene in this request/response process to integrate important functionalities such as security, session management, and authentication.

So, when we write a view in Django, we don't have to explicitly set a series of important security features in the response header. These additions to the response object are automatically made by the SecurityMiddleware instance after the view returns its response. As middleware components wrap the view and perform a series of pre-processes on the request and post-processes on the response, the view is not cluttered with a lot of repetitive code...

Sessions

It is worth looking at some theory to understand why sessions are a common solution in web applications for managing user content. The HTTP protocol defines the interactions between a client and a server. It is said to be a "stateless" protocol as no stateful information is retained by the server between requests. This protocol design worked well for delivering hypertextual information in the early days of the World Wide Web, but it did not suit the needs of secured web applications delivering customized information to specific users.

We are now acquainted with seeing websites adapt to our personal viewing habits. Shopping sites recommend similar products to the ones that we have recently viewed and tell us about products that are popular in our region. These features all required a stateful approach to website development. One of the most common ways to implement a stateful web experience is through sessions. A session refers to a user's current interaction...

Summary

In this chapter, we have examined Django's middleware implementation of authentication and sessions. We have learned how to incorporate authentication and permission logic into views and templates. We can set permissions on specific pages and limit their access to authenticated users. We have also examined how to store data in a user's session and render it in subsequent pages.

Now you have the skills to customize a Django project to deliver a personalized web experience. You can limit the content to authenticated or privileged users and you can personalize a user's experience based on their prior interactions. In the next chapter, we will revisit the Admin app and learn some advanced techniques to customize our user model and apply fine-grained changes to the admin interface for our models.

lock icon
The rest of the chapter is locked
Previous Chapter
Chapter 10 of 17
Next Chapter
You have been reading a chapter from
Web Development with Django
Published in: Feb 2021Publisher: PacktISBN-13: 9781839212505
© 2021 Packt Publishing Limited All Rights Reserved
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
undefined
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at €14.99/month. Cancel anytime

Authors (5)

author image
Ben Shaw

Ben Shaw is a software engineer based in Auckland, New Zealand. He has worked as a developer for over 14 years and has been building websites with Django since 2007. In that time, his experience has helped many different types of companies, ranging in size from start-ups to large enterprises. He is also interested in machine learning, data science, automating deployments, and DevOps. When not programming, Ben enjoys outdoor sports and spending time with his partner and son.
Read more about Ben Shaw

author image
Saurabh Badhwar

Saurabh Badhwar is an infrastructure engineer who works on building tools and frameworks that enhance developer productivity. A major part of his work involves using Python to develop services that scale to thousands of concurrent users. He is currently employed at LinkedIn and works on infrastructure performance tools and services.
Read more about Saurabh Badhwar

author image
Andrew Bird

Andrew Bird is the data and analytics manager of Vesparum Capital. He leads the software and data science teams at Vesparum, overseeing full-stack web development in Django/React. He is an Australian actuary (FIAA, CERA) who has previously worked with Deloitte Consulting in financial services. Andrew also currently works as a full-stack developer for Draftable Pvt. Ltd. He manages the ongoing development of the donation portal for the Effective Altruism Australia website on a voluntary basis. Andrew has also co-written one of our bestselling titles, "The Python Workshop".
Read more about Andrew Bird

author image
Bharath Chandra K S

Bharath Chandra K S lives in Sydney, Australia, and has over 14 years of software industry experience. He is very passionate about software development on the Python stack, including frameworks such as Flask and Django. He has experience working with both monolithic and microservice architectures and has built various public-facing applications and data processing backend systems. When not cooking up software applications, he likes to cook some nice food.
Read more about Bharath Chandra K S

author image
Chris Guest

Chris Guest is based in Melbourne and started programming in Python 24 years ago, when it was an obscure academic language. He has since used his Python knowledge in the publishing, hospitality, medical, academic and financial sectors. Throughout his career, he has worked with many Python web development frameworks, including Zope, TurboGears, web2py, and Flask, although he still prefers Django.
Read more about Chris Guest

Other recommended products

Related to this chapter

Building Django 2.0 Web Applications

Building Django 2.0 Web Applications

Learn how to build web apps in production with Django by following three example projects. First, you'll build a clone of IMDB. Next, you'll build a clone of Stack Overflow. Lastly, you'll build a clone of MailChimp. By the end of book, you'll have all the knowledge required to build your own projects with Django 2.0!

BookApr 2018408 pages
Django 2 by Example

Django 2 by Example

Django is a powerful Python web framework designed to develop web applications quickly. If you want to learn about the entire process of developing professional web applications with Django, then this book is for you. This book will walk you through the creation of four professional Django projects, teaching you how to solve common problems and implement best practices.

BookMay 2018526 pages
Django RESTful Web Services

Django RESTful Web Services

Django is a Python web framework that makes the web development process very easy. It reduces the amount of trivial code that simplifies the creation of web applications and results in faster development. It is a very powerful and a great choice for creating RESTful web services. If you are a python developer who wants to create RESTful web services with Django for your apps efficiently, then this is the right book for you.

BookJan 2018326 pages
Django 3 By Example

Django 3 By Example

Django 3 By Example, Third Edition, explores key Django features and best practices that every Python web developer should be aware of. This third edition is fully updated for Django 3 and a new chapter on Django Channels for real-time features has been added. Much more than just a reference guide, this book shows you how Django works in the real world. This book also shows you best practices and how to integrate other popular technologies, such as Redis, Celery, or Memcached into your Django projects.

BookMar 2020568 pages
Django 3 Web Development Cookbook

Django 3 Web Development Cookbook

This recipe-based guide is intended to solve common problems in building web apps with Django 3 and Python. Starting from setting up your environment, you will come across actionable solutions for common tasks like building models, forms, views, data management, through to testing, deploying, and securing your web apps.

BookMar 2020608 pages
Django 2 Web Development Cookbook

Django 2 Web Development Cookbook

Django is a framework designed to balance rapid web development with high performance. It handles high levels of user traffic and interaction, integrates with a variety of databases, and collects and processes data in real time. This book follows a task-based approach to guide you through developing with the Django 2.1 framework, starting with setting up and configuring Docker containers and a virtual environment for your project.

BookOct 2018544 pages
Django Design Patterns and Best Practices

Django Design Patterns and Best Practices

Learning to build more maintainable websites with Django either takes a lot of experience or familiarity with various pragmatic design patterns. This book will accelerate your journey into the world of web development. This new edition is updated with additional chapters and diagrams to help you get to grips with the current best practices in the latest versions of Django and Python.

BookMay 2018282 pages
Python Programming Blueprints

Python Programming Blueprints

Python is a very powerful, high-level, object-oriented programming language. It has swiftly developed over the years to become the language of choice for software developers due to its simplicity. This book takes you through varied and real-life projects. The examples start with the basics and gradually increase in complexity, helping boost your skills and inspiring you to apply this knowledge to projects.

BookFeb 2018456 pages

Personalised recommendations for you

Based on your interests and search pattern

Modernizing Drupal 10 Theme Development

Modernizing Drupal 10 Theme Development

Modernizing Drupal 10 Theme Development covers everything a frontend developer or a Drupal developer needs to know about the Drupal 10 theme layer. Using real-world examples, this book will help you to build up from an empty theme to a fast, responsive, maintainable, and accessible Drupal website in both monolithic and decoupled ways.

BookAug 2023360 pages4
Full Stack Development with Spring Boot 3 and React

Full Stack Development with Spring Boot 3 and React

Full Stack Development with Spring Boot 3 and React contains a wealth of practical guidance for picking up full stack development. The step-by-step exploration of everything from dependency injection, ORM with Hibernate, and JWTs to RESTful APIs, UI styling, and TypeScript will help you to develop the Spring Boot and React skills you need.

BookOct 2023454 pages5
Modern API Development with Spring 6 and Spring Boot 3

Modern API Development with Spring 6 and Spring Boot 3

This practical guide teaches inexperienced Java programmers and web developers how to design, develop, test, and deploy highly scalable and maintainable APIs using REST, gRPC, GraphQL, and reactive programming paradigms with Java and Spring Boot. Complete with real-world examples, it will guide you to build enterprise-level APIs and services.

BookSep 2023494 pages1
Hands-On Web Scraping with Python

Hands-On Web Scraping with Python

This book guides you to discover and extract quality data from the web using Python libraries such as requests, lxml, pyquery, scrapy, and to use effective scraping techniques. It’ll help you master the fundamentals and advanced concepts of web scraping and apply your skills to real-world data extraction tasks, with analysis and visualization.

BookOct 2023324 pages
Mastering Blazor WebAssembly

Mastering Blazor WebAssembly

Mastering Blazor WebAssembly is a comprehensive, practical guide that’ll help you to develop advanced web applications. By combining real-world experience with the thorough knowledge needed to build Blazor apps in a masterful fashion, this book enables you to efficiently manage cross-platform mobile development with .NET MAUI and Blazor.

BookAug 2023370 pages4
Mastering Blazor WebAssembly

Mastering Blazor WebAssembly

Mastering Blazor WebAssembly is a comprehensive, practical guide that’ll help you to develop advanced web applications. By combining real-world experience with the thorough knowledge needed to build Blazor apps in a masterful fashion, this book enables you to efficiently manage cross-platform mobile development with .NET MAUI and Blazor.

BookAug 2023370 pages3
Full Stack Web Development with Remix

Full Stack Web Development with Remix

Unlock the power of the web platform and cutting-edge technologies for your React applications using Remix to take advantage of the full stack to create a great user experience. This book is a complete resource covering the conventions, levers, and primitives of Remix and illustrates concepts through a real-world project.

BookNov 2023318 pages
Real-World Svelte

Real-World Svelte

This book is a must-have guide to unlocking Svelte's true potential. You’ll learn about advanced component development, efficient coding, and powerful UI patterns using actions. With a focus on state management, custom stores, and renderless components, this book equips you to build exceptional web apps with lightning-fast performance.

BookDec 2023282 pages3
Building Micro Frontends with React 18

Building Micro Frontends with React 18

This book is a step-by-step guide to building production-grade, highly scalable, and performant web apps using multi-SPA and micro apps patterns, where you’ll learn to deal with complexities related to micro frontends. The book is a full life cycle guide to building, deploying, and managing micro frontends in a cloud-native environment.

BookOct 2023218 pages
Drupal 10 Masterclass

Drupal 10 Masterclass

This all-in-one guide helps you get up and running with building Drupal applications using the latest Drupal 10 features. You’ll develop a complete practical understanding of Drupal frontend, backend, architecture, content management, themes, and modules to deliver a rich user experience by creating custom Drupal apps.

BookDec 2023310 pages
Full-Stack Flask and React

Full-Stack Flask and React

This book teaches you how to build simple yet efficient production-ready web applications. Starting with an introduction to React, this book will equip you with deeper knowledge of Flask and React technology stacks to undertake web application development with confidence.

BookOct 2023408 pages5
Full-Stack Flask and React

Full-Stack Flask and React

This book teaches you how to build simple yet efficient production-ready web applications. Starting with an introduction to React, this book will equip you with deeper knowledge of Flask and React technology stacks to undertake web application development with confidence.

BookOct 2023408 pages2