#36699: Clarify behavior and documentation for login (404) and logout (405)
routes
-------------------------------------+-------------------------------------
Reporter: yydsjkl | Owner: (none)
Type: Bug | Status: new
Component: Uncategorized | Version: 5.2
Severity: Normal | Resolution:
Keywords: login, logout, | Triage Stage:
authentication, confusion | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Description changed by Natalia Bidart:
Old description:
> During university software testing using Django, we encountered two
> issues that might confuse new users:
>
> 1. Accessing `/login/` returns a 404 because Django doesn’t create a
> default login route.
> 2. Accessing `/logout/` returns a 405 (Method Not Allowed) because
> `LogoutView` only allows POST.
>
> While these are not actual bugs, they can be confusing for beginners. The
> documentation could be improved to explain:
> - Why these responses occur.
> - How to properly configure `LoginView` and `LogoutView` manually.
>
> Suggested improvement:
> Add a clarification in the Django authentication documentation
> (https://docs.djangoproject.com/en/stable/topics/auth/default/)
> showing that:
> - `/login/` is not created automatically.
> - `/logout/` requires POST by design for CSRF protection.
> - Example code:
> ```python
> from django.contrib.auth import views as auth_views
> urlpatterns = [
> path('login/',
> auth_views.LoginView.as_view(template_name='login.html')),
> path('logout/', auth_views.LogoutView.as_view(next_page='/')),
> ]
New description:
During university software testing using Django, we encountered two issues
that might confuse new users:
1. Accessing `/login/` returns a 404 because Django doesn’t create a
default login route.
2. Accessing `/logout/` returns a 405 (Method Not Allowed) because
`LogoutView` only allows POST.
While these are not actual bugs, they can be confusing for beginners. The
documentation could be improved to explain:
- Why these responses occur.
- How to properly configure `LoginView` and `LogoutView` manually.
Suggested improvement:
Add a clarification in the Django authentication documentation
(https://docs.djangoproject.com/en/stable/topics/auth/default/)
showing that:
- `/login/` is not created automatically.
- `/logout/` requires POST by design for CSRF protection.
- Example code:
{{{#!python
from django.contrib.auth import views as auth_views
urlpatterns = [
path('login/',
auth_views.LoginView.as_view(template_name='login.html')),
path('logout/', auth_views.LogoutView.as_view(next_page='/')),
]
}}}
--
--
Ticket URL: <https://code.djangoproject.com/ticket/36699#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/django-updates/0107019a3a5682b2-ad92e69a-d57a-436c-b8ff-b888c10adf75-000000%40eu-central-1.amazonses.com.
