id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
36699	Clarify behavior and documentation for login (404) and logout (405) routes	yydsjkl		"During university software testing using Django, we encountered two issues that might confuse new users:

1. Accessing `/login/` returns a 404 because Django doesn’t create a default login route.
2. Accessing `/logout/` returns a 405 (Method Not Allowed) because `LogoutView` only allows POST.

While these are not actual bugs, they can be confusing for beginners. The documentation could be improved to explain:
- Why these responses occur.
- How to properly configure `LoginView` and `LogoutView` manually.

Suggested improvement:
Add a clarification in the Django authentication documentation
(https://docs.djangoproject.com/en/stable/topics/auth/default/)
showing that:
- `/login/` is not created automatically.
- `/logout/` requires POST by design for CSRF protection.
- Example code:

{{{#!python
  from django.contrib.auth import views as auth_views
  urlpatterns = [
      path('login/', auth_views.LoginView.as_view(template_name='login.html')),
      path('logout/', auth_views.LogoutView.as_view(next_page='/')),
  ]
}}}"	Bug	closed	contrib.auth	5.2	Normal	duplicate	login, logout, authentication, confusion		Unreviewed	0	0	0	0	0	0