First of all, when logging in, you must calculate a session or cookies for the front end. After logging in, the front end will come to you with the calculated session or cookies and say that I have logged in. This is my login credentials, and then After the server gets it, it calculates whether it is the same as what I calculated. If it is, it means it is logged in normally. Instead of simply jumping to a page, no information is returned.

It goes without saying that you need to register. . Just write the account password into the database, then use it back when logging in and compare it. If it is correct, jump to login.

Logout is to clear the user's login information, such as cookies, refresh session, etc. If it is not detected, you will not be able to access the login page, so you can just jump and redirect to the login page.

Should we verify the username and password passed from the front end?

class LoginForm(forms.Form):

    email = forms.CharField()
    password = forms.CharField(widget=forms.PasswordInput)
    
    def __init__(self, *args, **kwargs):
        self.user_cache = None
        super(LoginForm, self).__init__(*args, **kwargs)

    def clean(self):
        email = self.cleaned_data.get('email')
        password = self.cleaned_data.get('password')

        if email and password:
            if not AtUser.objects.filter(email=email).exists():
                raise forms.ValidationError(u'该账号不存在')

            self.user_cache = authenticate(email=email, password=password)
            if self.user_cache is None:
                raise forms.ValidationError(u'邮箱或密码错误！')

            elif not self.user_cache.is_active:
                raise forms.ValidationError(u'该帐号已被禁用！')

        return self.cleaned_data

    def get_user_id(self):
        """获取用户id"""
        if self.user_cache:
            return self.user_cache.id
        return None

    def get_user(self):
        """获取用户实例"""
        return self.user_cache

Same as registration