id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
36576	/admin/logout/ requires having admin access	Alex Dehnert		"If I visit /admin/logout/ while logged in as a user that doesn't have admin/staff access, I'm redirected to /admin/ and then to /admin/login/, *without* being logged out of my existing user. This feels like a bug, for several reasons:
* If I don't have permission to access `/admin/logout/` for some reason, shouldn't I get told that, not just redirected to a login screen and left to guess?
* The [https://github.com/django/django/blob/c594574175e379fff356e274893d797f6e6a95fa/django/contrib/admin/sites.py#L391 docstring for logout()] says ""This should *not* assume the user is already logged in."", which isn't quite the same as ""should log you out regardless of what user you are"" but sorta hints in that direction to me
* The [https://docs.djangoproject.com/en/5.2/releases/4.1/#log-out-via-get release notes for 4.1] suggest using `admin:logout` to log out, without any caveats about ""all your users need to be staff"" (my instinct is the recommendation should be `logout` not `admin:logout` regardless -- #36575 -- but it still suggests that this behavior is unexpected).

I looked briefly and didn't understand *how* /admin/logout/ requires admin access; I'm mildly suspicious of the [https://github.com/django/django/commit/c7fc9f20b49b5889a9a8f47de45165ac443c1a21#diff-0b9b76020bca57d146eddea5c47e1e6a99744ce287a365e18a0d7685dd268f18R408 @login_not_required decorator on `login`] but I don't know if that's actually relevant."	New feature	closed	contrib.auth	5.1	Normal	duplicate		Alex Dehnert	Unreviewed	0	0	0	0	0	0