The "next" variable is set in the login page, even when accessed directly
|Patch needs improvement:
In the default authentication system, when a user tries to access a protected page without logging in, he/she gets redirected to the login page. When this happens, the
next template variable is set to the URL of the protected page. This is working fine.
However, when the user directly opens up the login page, for example by entering the URL in the address bar, the
next template variable should not be set. But it is set to
settings.LOGIN_REDIRECT_URL (or it's default value), which is unexpected.
Because of this, if we are using the template for
login.html as given in the documentation, we see the
Please login to see this page. message even when the user opens the login page directly.
I tried to debug to find where the problem is, and found it in
django.contrib.auth.views.LoginView class. This class has a method
get_success_url which gets the redirect url either from the
next parameter or from the
LOGIN_REDIRECT_URL. This method is being also used to populate the context for the login form in the method
get_context_data, which, in my opinion is incorrect. The dispatch method also uses the
get_success_url to get the redirect url, which is correct because the purpose there is to actually redirect.