1๐
You have to log the user in
. login() is the process by which a session is allocated to an authenticated user
.
from django.contrib.auth.views import login
def create(self, request):
.....
user = authenticate(username=username, password=password)
if user:
login(request, user)
.....
and for that authenticate() must return a user object
after checking user.is_active return user object instead of custom message and json response. Upon successful login, request.user is assigned with the user object returned by the authenticate method of correspinding auth backend
. Also why there is a csrf_exempt
on authenticate? It is strongly recommended that one should pass csrf_token to django while making post requests. In this case as you are using django rest framework, make use of drf session authentication. Before that I recommend you to go through drf authentication methods. HTH ๐
๐คcutteeth
Source:stackexchange.com