Session Authentication in Django Rest Framework (DRF)

Authentication is a crucial component of web applications, ensuring that only authorized users can access protected resources. In Django Rest Framework (DRF), Session Authentication is one of the built-in authentication methods that work seamlessly with Django’s session-based authentication system. In this blog post, we ‘ll explore Session Authentication in DRF, its advantages, and how to implement it in your Django project.

  1. Session Authentication: Integrates with Django’s session-based authentication for web and API security.
  2. Basic Authentication: Uses username and password for simple API authentication.
  3. Token Authentication: Provides stateless token-based authentication for secure API access.
  4. Remote User Authentication: Method of authenticating users in Django where user credentials are managed by a separate authentication system

Understanding Session Authentication:

Session Authentication relies on the concept of server-side sessions. When a user logs in, the server creates a session for them and associates a session ID with their client. Subsequent requests from the same client include this session ID, allowing the server to identify and authenticate the user. Session Authentication is often used in applications that employ both traditional web pages and RESTful APIs, as it integrates well with Django’s default authentication system.

Implementing Session Authentication in Django Rest Framework:

Let’s dive into the steps required to implement Session Authentication in your Django Rest Framework project.

Step 1: Install Django Rest Framework and Configure It

If you haven’t already, install DRF using pip:

pip install djangorestframework

Next, add ‘rest_framework’ to your Django project’s settings:

    # ...

Step 2: Create a Serializer and ViewSet

Define a serializer to serialize your data and a ViewSet to handle CRUD operations.. Here’s an example using a simple “Task” model:

from rest_framework import serializers, viewsets
from .models import Task

class TaskSerializer(serializers.ModelSerializer):
    class Meta:
        model = Task
        fields = '__all__'

class TaskViewSet(viewsets.ModelViewSet):
    queryset = Task.objects.all()
    serializer_class = TaskSerializer

Learn more on How to create CRUD Operations using Django Viewsets.

Step 3: Configure URLs

Create URL patterns for your API views, similar to previous examples:

from django.urls import path, include
from rest_framework.routers import DefaultRouter

router = DefaultRouter()
router.register(r'tasks', TaskViewSet)

urlpatterns = [
    path('', include(router.urls)),

Step 4: Enable Session Authentication

In your project’s settings, specify Session Authentication as the default authentication class:


Step 5: Migrate and Run Server

Run migrations to create the necessary database tables:

python makemigrations
python migrate

Now, start your Django development server:

python runserver

Testing Session Authentication:

To test Session Authentication, users must log in to your application through a web interface. Once logged in, their session will be established, and they can access your API endpoints seamlessly. Session Authentication is particularly useful when your application combines traditional web views with RESTful APIs, as it shares authentication state between the two.

For example, create a superuser using – python3 createsuperuser and login http://localhost:8000/admin

Next: Now you can check our blog User Registration, Login, Logout API using Django Rest Framework


Session Authentication in Django Rest Framework provides a seamless way to secure your APIs, especially in applications that use both traditional web pages and RESTful services. By following the steps outlined in this guide, you can easily implement Session Authentication in your DRF project, ensuring that your endpoints remain secure and that authorized users can access protected resources.

Blogs You Might Like to Read!