Opened 4 weeks ago
Last modified 4 weeks ago
#36699 closed Bug
Clarify behavior and documentation for login (404) and logout (405) routes — at Initial Version
| Reported by: | yydsjkl | Owned by: | |
|---|---|---|---|
| Component: | contrib.auth | Version: | 5.2 |
| Severity: | Normal | Keywords: | login, logout, authentication, confusion |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
During university software testing using Django, we encountered two issues that might confuse new users:
- Accessing
/login/returns a 404 because Django doesn’t create a default login route. - Accessing
/logout/returns a 405 (Method Not Allowed) becauseLogoutViewonly allows POST.
While these are not actual bugs, they can be confusing for beginners. The documentation could be improved to explain:
- Why these responses occur.
- How to properly configure
LoginViewandLogoutViewmanually.
Suggested improvement:
Add a clarification in the Django authentication documentation
(https://docs.djangoproject.com/en/stable/topics/auth/default/)
showing that:
/login/is not created automatically./logout/requires POST by design for CSRF protection.- Example code:
`python from django.contrib.auth import views as auth_views urlpatterns = [
path('login/', auth_views.LoginView.as_view(template_name='login.html')),
path('logout/', auth_views.LogoutView.as_view(next_page='/')),
]
Note:
See TracTickets
for help on using tickets.