0
0
DjangoHow-ToBeginner · 3 min read

How to Order Middleware in Django: Correct Setup and Tips

In Django, middleware order matters because each middleware processes requests and responses in sequence. You set the order by listing middleware classes in the MIDDLEWARE setting in settings.py, where the first middleware handles the request first and the last middleware handles the response first.
📐

Syntax

The MIDDLEWARE setting in settings.py is a list of middleware classes. Django processes this list in order for requests and in reverse order for responses.

  • Request phase: Middleware at the top runs first.
  • Response phase: Middleware at the bottom runs first.

This order controls how your app handles incoming requests and outgoing responses.

python
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
💻

Example

This example shows a custom middleware added to the default Django middleware list. The order ensures the custom middleware processes requests after session setup but before authentication.

python
MIDDLEWARE = [
    'django.middleware.security.SecurityMiddleware',
    'django.contrib.sessions.middleware.SessionMiddleware',
    'myapp.middleware.CustomMiddleware',  # Custom middleware added here
    'django.middleware.common.CommonMiddleware',
    'django.middleware.csrf.CsrfViewMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
    'django.contrib.messages.middleware.MessageMiddleware',
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
]

# CustomMiddleware example

from django.utils.deprecation import MiddlewareMixin

class CustomMiddleware(MiddlewareMixin):
    def process_request(self, request):
        print('CustomMiddleware: processing request')

    def process_response(self, request, response):
        print('CustomMiddleware: processing response')
        return response
Output
CustomMiddleware: processing request CustomMiddleware: processing response
⚠️

Common Pitfalls

Common mistakes when ordering middleware include:

  • Placing middleware that depends on sessions before SessionMiddleware.
  • Putting authentication middleware before session middleware, causing authentication to fail.
  • Adding custom middleware in the wrong order, breaking request or response flow.

Always check middleware dependencies and Django docs for recommended order.

python
MIDDLEWARE = [
    'django.contrib.auth.middleware.AuthenticationMiddleware',  # Wrong: before sessions
    'django.contrib.sessions.middleware.SessionMiddleware',
]

# Correct order:
MIDDLEWARE = [
    'django.contrib.sessions.middleware.SessionMiddleware',
    'django.contrib.auth.middleware.AuthenticationMiddleware',
]
📊

Quick Reference

Middleware TypeRecommended Order PositionReason
SecurityMiddlewareFirstSets security headers early
SessionMiddlewareBefore AuthenticationMiddlewareSessions needed for authentication
AuthenticationMiddlewareAfter SessionMiddlewareDepends on session data
CommonMiddlewareAfter SessionMiddlewareHandles common tasks like URL rewriting
CsrfViewMiddlewareAfter AuthenticationMiddlewareProtects authenticated views
MessageMiddlewareAfter AuthenticationMiddlewareHandles user messages
Clickjacking MiddlewareLastSets headers on final response

Key Takeaways

Order middleware in the MIDDLEWARE list in settings.py to control request and response flow.
Middleware at the top processes requests first and responses last; order matters for dependencies.
Place SessionMiddleware before AuthenticationMiddleware to avoid errors.
Add custom middleware carefully respecting dependencies and order.
Refer to Django docs for recommended middleware order to ensure correct app behavior.

Related by keyword

How to Use order_by in Django: Syntax and ExamplesORM QueriesHow to Use CSRF Middleware in Django for Secure FormsSecurityHow to Use Crispy Forms in Django: Simple Setup and ExampleFormsHow to Use Formset in Django: Syntax, Example, and TipsFormsHow to Use django-allauth for Authentication in DjangoAuthentication

Up next

What is Django REST Framework: Overview and UsageWhat is ModelSerializer in DRF in Django: Explained SimplyHow to Configure Media Files in Django: Step-by-Step GuideHow to Configure Static Files in Django: Simple Setup Guide

More in Middleware

Add Custom Header in Django Middleware: Simple GuideHow to Create Custom Middleware in Django: Simple GuideHow to Use CORS Middleware in Django: Simple Setup GuideHow to Use Middleware in Django: Syntax and Examples