You might have noticed that you didn't have to use your password, apart from back when we used the admin interface. You might also have noticed that this means that anyone can add or edit post...
in mysite/urls.py -
use views.LoginView instead of views.login
Similarly, use views.LogoutView instead of views.logout