What's the point of the "is_authenticated" method used in Flask-Login?
First of all, is_anonymous()
and is_authenticated()
are each other's inverse. You could define one as the negation of the other, if you want.
You can use these two methods to determine if a user is logged in.
When nobody is logged in Flask-Login's current_user
is set to an AnonymousUser
object. This object responds to is_authenticated()
and is_active()
with False
and to is_anonymous()
with True
.
The is_active()
method has another important use. Instead of always returning True
like I proposed in the tutorial, you can make it return False
for banned or deactivated users and those users will not be allowed to login.
I was baffled by this is_authenticated
vs is_anonymous
for hours. I could not believe they were just opposite. Finally just by chance I found this old blog post. It is about a problem in the Django templating system in which non existent variables evaluates to False
. That could lead to wrong behaviour when testing is_anonymous
in the template code. Again that is old so I don't know if it holds. The way they solved the problem was to create is_authenticated
.
I guess Flask-Login just copied the model from Django without questioning. Now I can sleep in peace.