Django comes with a built-in authentication framework that can handle user authentication, sessions, permissions, and user groups. The authentication system includes views for common user actions such as login, logout, password change, and password reset.
The authentication framework is located at django.contrib.auth and is used by other Django contrib packages. Remember that you have already used the authentication framework in Chapter 1, Building a Blog Application, to create a superuser for your blog application to access the administration site.
When you create a new Django project using the startproject command, the authentication framework is included in the default settings of your project. It consists of the django.contrib.auth application and the following two middleware classes found in the MIDDLEWARE setting...