For various reasons, I cannot use Django's ORM features. Instead I have to query into a database to check passwords instead of using models. I can already do that. But I can't figure out how to make a custom auth backend work with that.
This doc page details how to set up a custom auth backend. However, I am unsure as to how it is still tracking whether a user is logged in.
The authenticate and validate functions seem to be returning a User Object. And session seems to be used to track logged in users. What I don't understand is how to make that work with a custom user class that doesn't use models. How am I supposed to get the session key? Why is it set SESSION_KEY = '_auth_user_id' at the start of init.py? Does that get updated when user logs in? And What is session_auth_hash?
Request.user exists. But if I set it for one request, do all subsequent requests in that session refer to that user?
All I want to do is let a user login and logout after matching database credentials.