Opened 4 weeks ago

Closed 4 weeks ago

#36699 closed Bug (duplicate)

Clarify behavior and documentation for login (404) and logout (405) routes

Reported by: yydsjkl Owned by:
Component: contrib.auth Version: 5.2
Severity: Normal Keywords: login, logout, authentication, confusion
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by Natalia Bidart)

During university software testing using Django, we encountered two issues that might confuse new users:

  1. Accessing /login/ returns a 404 because Django doesn’t create a default login route.
  2. Accessing /logout/ returns a 405 (Method Not Allowed) because LogoutView only allows POST.

While these are not actual bugs, they can be confusing for beginners. The documentation could be improved to explain:

  • Why these responses occur.
  • How to properly configure LoginView and LogoutView manually.

Suggested improvement:
Add a clarification in the Django authentication documentation
(https://docs.djangoproject.com/en/stable/topics/auth/default/)
showing that:

  • /login/ is not created automatically.
  • /logout/ requires POST by design for CSRF protection.
  • Example code: 
  from django.contrib.auth import views as auth_views
  urlpatterns = [
      path('login/', auth_views.LoginView.as_view(template_name='login.html')),
      path('logout/', auth_views.LogoutView.as_view(next_page='/')),
  ]

Change History (3)

comment:1 by yydsjkl, 4 weeks ago

Proposed Fix

Below is a proposed fix for the login page (404) issue discussed in this ticket.
This fix demonstrates how a Django project can manually define a login route, view, and template.
It also helps clarify to new users why the default /login/ route does not exist.

# mysite/urls.py
from django.urls import path
from . import views

urlpatterns = [
    path('admin/', admin.site.urls),
    path('login/', views.login_view, name='login'),  # Added login route
]
# myapp/views.py
from django.shortcuts import render

def login_view(request):
    return render(request, 'login.html')

<!-- templates/login.html -->
<h1>Login Page</h1>
<form method="post">
  {% csrf_token %}
  <input type="text" name="username" placeholder="Username">
  <input type="password" name="password" placeholder="Password">
  <button type="submit">Login</button>
</form>
Last edited 4 weeks ago by Natalia Bidart (previous) (diff)

comment:2 by Natalia Bidart, 4 weeks ago

Description: modified (diff)

comment:3 by Natalia Bidart, 4 weeks ago

Component: Uncategorizedcontrib.auth
Resolution: duplicate
Status: newclosed

Hello yydsjkl, thank you for your interest in making Django better. This topic has been discussed in the forum, currently with pending community agreement: you can read more and participate in https://forum.djangoproject.com/t/update-startproject-with-default-login-signup-logout-options/35175. There is also this somewhat relevant DEP proposal: https://github.com/django/deps/pull/98.

It's also important to note that some of the bits that you propose are already available in the docs, like describing how to define a login view. The following is shown in the docs you linked:

from django.contrib.auth import views as auth_views

path("accounts/login/", auth_views.LoginView.as_view()),

And also:

It's your responsibility to provide the html for the login template , called registration/login.html by default.

This ticket could also be considered a duplicate of #13061. I'll be closing this ticket as duplicate but please continue the conversation in the forum if you are interested in this subject.

Note: See TracTickets for help on using tickets.
Back to Top