0
0
Djangoframework~10 mins

Authentication middleware in Django - Step-by-Step Execution

Choose your learning style9 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf
Concept Flow - Authentication middleware
Request received
Middleware invoked
Check if user is authenticated
Allow request
View processes request
Response sent back
The middleware intercepts each request, checks if the user is logged in, and either allows the request to continue or redirects to login.
Execution Sample
Django
from django.shortcuts import redirect

class AuthMiddleware:
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        if not request.user.is_authenticated:
            return redirect('/login/')
        return self.get_response(request)
This middleware checks if the user is authenticated; if not, it redirects to the login page, otherwise it passes the request to the view.
Execution Table
StepRequest.user.is_authenticatedActionResult
1FalseCheck authenticationRedirect to /login/
2TrueCheck authenticationPass request to view
3-View processes requestResponse generated
4-Response sent backRequest cycle ends
💡 Request ends after redirect or after view processes authenticated request
Variable Tracker
VariableStartAfter Step 1After Step 2Final
request.user.is_authenticatedDepends on userFalse or TrueTrue if passedN/A
responseNoneRedirect or NoneView response or NoneFinal HTTP response
Key Moments - 2 Insights
Why does the middleware redirect instead of letting the request continue?
Because the user is not authenticated (see execution_table step 1), the middleware stops the request flow and redirects to login to protect secure pages.
What happens if the user is authenticated?
The middleware passes the request to the view (execution_table step 2), allowing normal processing and response generation.
Visual Quiz - 3 Questions
Test your understanding
Look at the execution table, what happens at step 1 when user is not authenticated?
ARequest is redirected to login page
BRequest is passed to the view
CResponse is sent back immediately
DMiddleware raises an error
💡 Hint
Check the 'Action' and 'Result' columns at step 1 in execution_table
At which step does the view process the request?
AStep 1
BStep 3
CStep 2
DStep 4
💡 Hint
Look for 'View processes request' in the 'Action' column of execution_table
If request.user.is_authenticated is always True, how does the execution_table change?
AStep 3 is skipped
BStep 1 redirects to login
CStep 1 passes request to view, no redirect
DResponse is never sent
💡 Hint
Refer to 'request.user.is_authenticated' values and actions in execution_table steps 1 and 2
Concept Snapshot
Authentication middleware intercepts requests.
Checks if user is logged in.
If not, redirects to login page.
If yes, passes request to view.
Protects secure pages from unauthorized access.
Full Transcript
Authentication middleware in Django runs on every request. It checks if the user is logged in by inspecting request.user.is_authenticated. If the user is not authenticated, the middleware redirects the request to the login page, stopping further processing. If the user is authenticated, the middleware allows the request to continue to the view, which then processes the request and returns a response. This ensures only logged-in users can access protected pages.