By submitting form
Form which needs to be added in the form {% csrf_token%}
So that when you view the page source code, you can see the form in a hidden input
Summarize it works: when users access the login page, it will generate a random string of csrf ,, and also a cookie to store this random string, when the user submits the data will be submitted once again with this random string, if there is no the random string can not be successfully submitted
cookie stored in csrftoken below