1. What is authentication in Django?
Authentication is the process of verifying user identity (login system).
2. What is authorization?
Authorization determines what an authenticated user is allowed to do.
3. What is django.contrib.auth?
A built-in app that handles authentication.
4. What is the User model?
Default model for storing user data.
5. What fields are in the User model?
username, password, email, is_staff, is_superuser.
6. What is password hashing?
Storing passwords securely using hashing.
7. What is authenticate()?
Verifies user credentials.
8. What is login()?
Logs user into session.
9. What is logout()?
Logs user out.
10. What is request.user?
Returns current logged-in user.
11. What is AnonymousUser?
Represents unauthenticated user.
12. What is is_authenticated?
Checks if user is logged in.
13. What is is_staff?
Access to admin panel.
14. What is is_superuser?
Full permissions.
15. What is create_user()?
Creates normal user.
16. What is create_superuser()?
Creates admin user.
17. What is set_password()?
Hashes password.
18. What is check_password()?
Verifies password.
19. What is login_required?
Restricts access to logged-in users.
20. What is permission_required?
Checks user permission.
21. What is user permission?
Access control for actions.
22. What are default permissions?
add, change, delete, view.
23. What is Group?
Collection of users with same permissions.
24. How to assign user to group?
Using admin or code.
25. What is has_perm()?
Checks permission.
26. What is has_perms()?
Checks multiple permissions.
27. What is has_module_perms()?
Checks module access.
28. What is backend authentication?
Custom authentication logic.
29. What is AUTH_USER_MODEL?
Custom user model setting.
30. Why use custom user model?
To add extra fields.
31. What is AbstractUser?
Extends default user model.
32. What is AbstractBaseUser?
Fully customizable user model.
33. What is USERNAME_FIELD?
Field used for login.
34. What is REQUIRED_FIELDS?
Fields required for superuser.
35. What is permissions mixin?
Adds permission functionality.
36. What is authentication backend?
Custom login logic.
37. What is ModelBackend?
Default backend.
38. What is RemoteUserBackend?
External authentication.
39. What is session?
Stores user data.
40. What is session framework?
Manages sessions.
41. What is session key?
Unique session ID.
42. What is session expiry?
Session timeout.
43. What is cookie?
Stored in browser.
44. What is CSRF protection?
Prevents request forgery.
45. What is csrf_token?
Security token.
46. What is password validation?
Rules for password strength.
47. What is AUTH_PASSWORD_VALIDATORS?
Password rules.
48. What is login view?
Handles login form.
49. What is logout view?
Handles logout.
50. What is LoginView?
CBV for login.
51. What is LogoutView?
CBV for logout.
52. What is redirect after login?
Using LOGIN_REDIRECT_URL.
53. What is redirect after logout?
Using LOGOUT_REDIRECT_URL.
54. What is password reset?
Reset forgotten password.
55. What is PasswordResetView?
Sends reset email.
56. What is PasswordChangeView?
Change password.
57. What is email backend?
Sends emails.
58. What is token in reset?
Secure link.
59. What is user registration?
Create new account.
60. What is signup form?
User registration form.
61. What is login form?
Form for login.
62. What is authentication flow?
Login → session → access.
63. What is middleware in auth?
Processes user data.
64. What is AuthenticationMiddleware?
Adds user to request.
65. What is SessionMiddleware?
Manages session.
66. What is permission decorator?
Restricts access.
67. What is user_passes_test?
Custom check.
68. What is login URL?
Login page path.
69. What is LOGIN_URL?
Setting for login page.
70. What is access control?
Restricting access.
71. What is object-level permission?
Permission per object.
72. What is django-guardian?
Object-level permission library.
73. What is OAuth?
Third-party authentication.
74. What is JWT?
Token-based auth.
75. What is token authentication?
Using tokens instead of session.
76. What is DRF authentication?
API authentication.
77. What is BasicAuth?
Username-password auth.
78. What is SessionAuth?
Session-based auth.
79. What is permission class?
Controls API access.
80. What is IsAuthenticated?
Allows logged-in users.
81. What is IsAdminUser?
Allows admin users.
82. What is AllowAny?
No restriction.
83. What is Django security best practice?
Use hashing, CSRF, permissions.
84. What is password storage best practice?
Never store plain text.
85. What is brute force attack?
Repeated login attempts.
86. How to prevent brute force?
Rate limiting.
87. What is account lockout?
Block after failed attempts.
88. What is HTTPS?
Secure communication.
89. What is secure cookie?
Only sent over HTTPS.
90. What is HttpOnly cookie?
Not accessible via JS.
91. What is session hijacking?
Stealing session.
92. How to prevent hijacking?
Use secure cookies.
93. What is logout on inactivity?
Auto logout.
94. What is audit logging?
Track user actions.
95. What is role-based access?
Access by role.
96. What is multi-factor authentication?
Extra security layer.
97. What is social login?
Login via Google/Facebook.
98. What is django-allauth?
Authentication library.
99. What is auth scalability?
Handling many users.
100. How to secure Django authentication?
Use HTTPS, strong passwords, tokens, and proper permissions.