Before you tell me I'm leaving performance on the table with Python: I know. Before you tell me Node keeps everything in one language: I know that too. I've used both in production. I still reach for Django when I need to build something that has to work, ship fast, and be maintained by someone other than me.

Here's what I mean, concretely.

The admin panel is not a toy

Django's built-in admin interface generates a fully functional CRUD dashboard for every model you define. On every project I've shipped with Django, the admin has been the first thing the client uses — to add content, check orders, moderate submissions — before the custom frontend is even close to finished.

Replicating this in Express + React takes a week minimum. In Django, you get it for free and customize it with decorators. For startups and small teams where business value has to come before technical elegance, this is a genuine multiplier.

Django REST Framework makes APIs boring (in the best way)

DRF's viewsets and serializers follow a pattern so consistent that after you write it twice, you can generate it in your sleep. ModelSerializer introspects your model and gives you validation, serialization, and deserialization for free. ViewSets give you list, retrieve, create, update, and destroy with one class. Authentication, permissions, and pagination are configuration, not code.

from rest_framework import serializers, viewsets
from .models import Project

class ProjectSerializer(serializers.ModelSerializer):
    class Meta:
        model = Project
        fields = ['id', 'title', 'description', 'status', 'created_at']

class ProjectViewSet(viewsets.ModelViewSet):
    queryset = Project.objects.all()
    serializer_class = ProjectSerializer
    permission_classes = [IsAuthenticatedOrReadOnly]

That's a full CRUD API with auth protection. Router registration gives you the URL patterns. You didn't write a single if/else. The boring path through DRF is very fast and very correct.

Authentication without the footguns

JWT auth in Django with `djangorestframework-simplejwt` gives you access tokens (short-lived, 15 minutes), refresh tokens (long-lived, stored in HttpOnly cookies), and token blacklisting out of the box. The library handles token expiry, rotation, and blacklisting. You configure it, not implement it.

On the React side: Axios interceptors catch 401 responses and automatically request a new access token using the refresh token before retrying the original request. The user never sees an expired session unless their refresh token has also expired. This pattern took me two hours to set up correctly. In four years, I haven't had an auth bug in production with it.

Where Django loses

Real-time features. Django Channels adds WebSocket support but it's not the native model the way it is in Node. If your application is fundamentally real-time — live collaboration, messaging, multiplayer — you're swimming upstream with Django. Node + Socket.io or a dedicated real-time service is the better call.

Serverless deployments are also awkward. Django expects persistent processes. It doesn't map cleanly to Lambda or Cloudflare Workers. If you're deploying to Vercel or want edge functions, Django is not your friend. For those cases I reach for Next.js API routes or a dedicated Edge runtime.

The deployment pattern I've settled on

• Django API on Railway (or Render) — free tier for early projects, painless scaling later
• React frontend on Vercel — zero-config deploys on push, global CDN
• PostgreSQL managed by the hosting platform — no database maintenance
• Static files on Cloudflare R2 — S3-compatible, no egress fees
• Nginx only if I need custom routing — otherwise let the platform handle it

This stack gets a production-ready application deployed in an afternoon. It's not the most sophisticated infrastructure, but it works reliably, scales to moderate traffic without changes, and lets me focus on the product instead of the plumbing.

The best stack is the one you know well enough to debug at midnight. For me, that's Django and React. Your midnight stack might be different — and that's fine.