User has no attribute session

After looking online I cannot come up with the solution. I am building my own authentication app: I can register the user, send activation account email, activate the account, login, and correctly change password. However, when it comes to logging out, I get the error 'User' object has no attribute 'session'. I try to print the user and it shows correctly the email and username associated to it. Checking inside the cookies there seem to be a valid csrf token and a valid session id. I would love if you can double check my login, logout and settings to see if I am messing something up.

settings.py
REST_FRAMEWORK = {
   78    'DEFAULT_AUTHENTICATION_CLASSES': (
   79        'rest_framework.authentication.SessionAuthentication',
   80        'rest_framework.authentication.BasicAuthentication',
   81    ),
   82    'DEFAULT_PERMISSION_CLASSES': (
   83        'rest_framework.permissions.IsAuthenticated',
   84        'rest_framework.permissions.IsAdminUser',
   85    ),
   86 }
loginView
class LoginView(APIView):
   23     authentication_classes = [SessionAuthentication, BasicAuthentication]  : list[Unknown]
   24     permission_classes = [AllowAny] : list[Type[AllowAny]]
   25
   26     def post(self, request): -> Response
   27         serializer = LoginSerializer(data=request.data) : LoginSerializer
   28         if serializer.is_valid():
   29             try:
   30                 user = authenticate(request,  : Unknown | None
   31                                     email_or_username=request.data["email_or_username"],
   32                                     password=request.data["password"])
   33
   34             except ValueError as e:
   35                 return Response({"errors": f"{e}"}, status=status.HTTP_400_BAD_REQUEST)
   36
   37             login(request, user)
   38             return Response({"success":"user successfully logged in"},
   39                             status=status.HTTP_200_OK)
   40
   41         return Response({"errors" : serializer.errors}, status=status.HTTP_400_BAD_REQUEST)
   42

logoutView
class LogoutView(APIView):
   44     authentication_classes = [SessionAuthentication, BasicAuthentication] : list[Unknown]
   45     permission_classes = [IsAuthenticatedOrReadOnly] : list[Type[IsAuthenticatedOrReadOnly]]
   46
   47     def post(self, request): -> Response
   48       
   49         if request.user and request.user.is_active:
   50             logout(request.user)
   51             return Response({"success" : "user successfully logout"},
   52                         status=status.HTTP_200_OK)
   53         return Response({"errors" : "user not logged in"},
   54                          status=status.HTTP_401_UNAUTHORIZED)
   55

P.S. I also created my own custom authentication backend

backends.py
  6 class UserBackend(BaseBackend):
>>  7     def authenticate(self, request, email_or_username, password=None): -> Unknown
    8         try:
    9             user = User.objects.get(Q(username=email_or_username) |  : Unknown
   10                                     Q(email=email_or_username))
>> 11         except User.DoesNotExist:
   12             raise ValueError("The credentials entered are invalid")
   13
   14         if not user.is_active:
   15             raise ValueError("Account is not activated, check the email received upon "
   16                              "registration")
   17
   18         if not user.check_password(password):
   19             raise ValueError("Invalid Password")
   20
   21         return user
   22
   23     def get_user(self, user_id): -> (Unknown | None)
   24         try:
   25             return User.objects.get(pk=user_id)
   26
>> 27         except User.DoesNotExist:
   28             return None

Thank you for the help

Back to Top