29👍
This is a matter of the single responsibility principle: a method should do one logical thing. As you noted yourself, these two steps ate logically distinct:
authenticatejust verifies the login information.
loginwill take the user object and set the cookies
To further clarify, authentication is a one-time check,
and doesn’t imply a login session.
A login session implies some period of time during which the user is free to perform various restricted activities without repeated authentication checks.
Sometimes you may need to authenticate users (verify they are who they say they are) without logging them in.
If these two functionalities were combined into one,
you wouldn’t be able to do that,
even if you just wanted to do a one-time check,
you would have to log them in, creating a session,
which wouldn’t make sense.
Since these are clearly distinct purposes,
it makes perfect sense to have two methods.
The separation also makes testing easier. If you write an new authentication backend, you would want to be able to test if the authentication step alone is working or not, without having to worry about how the whole login system works, which is not the responsibility of your backend.
Decomposing methods into their smallest logically independent elements is the sensible thing to do, with many benefits.
17👍
In simple terms,
Authenticate refers to verifying the user credentials
Whereas login refers to creation of a user session once the user credentials has been verified(authenticated)
- [Django]-When are create and update called in djangorestframework serializer?
- [Django]-Temporarily disable auto_now / auto_now_add
- [Django]-Rendering JSON objects using a Django template after an Ajax call
1👍
Authentication is the process of identifying users and verifying that they are who they claim to be. A password is one of the most prevalent and visible measures in establishing identity.
The identity is valid if the user name matches the password credential, and the system enables access to the user.
Logging in is the standard process by which an individual receives access to certain resources, computer systems, or networks after being identified and authenticated in the field of computer and information security.
A username is often made up of user credentials, and login is made up of a password.
- [Django]-Django request get parameters
- [Django]-How to create an empty queryset and to add objects manually in django
- [Django]-Self.instance in Django ModelForm