|Reported by:||Preston Holmes||Owned by:||nobody|
|Cc:||Triage Stage:||Design decision needed|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
redirect_to_login is documented as the only "helper" function in contrib.auth - but what it does is relatively useless.
By itself, it does nothing to ensure that the destination can only be reached by logged in users.
Presumably, if you want to only send someone to a url after logging in, you would just use @login_required on the destination, and let it handle the redirection.
This mildly implies that you are somehow limiting who gets to the redirected destination - which of course is not true.
This is as much about cleaning up the docs, as having it documented implies that it has some value, of which I'm pretty much missing.