diff --git a/apps/templates/_user_profile.html b/apps/templates/_user_profile.html
index 0341fdb68..d47ba6537 100644
--- a/apps/templates/_user_profile.html
+++ b/apps/templates/_user_profile.html
@@ -11,7 +11,7 @@
{{ user.name }}
- {{ request.user.get_role_display | default:_('User') }}
+ {{ user.get_role_display | default:_('User') }}
diff --git a/apps/users/urls.py b/apps/users/urls.py
index 7c249b413..ff612d5b2 100644
--- a/apps/users/urls.py
+++ b/apps/users/urls.py
@@ -1,35 +1,16 @@
from django.conf.urls import url
-from django.contrib.auth import views as auth_views
-from django.utils.translation import ugettext as _
import views
import api
-from .forms import UserLoginForm
app_name = 'users'
urlpatterns = [
- url(r'^login$',
- auth_views.login,
- {'template_name': "users/login.html",
- 'authentication_form': UserLoginForm,
- 'redirect_authenticated_user': True},
- name='login'),
- url(r'^logout$',
- auth_views.logout,
- {
- "template_name": "common/flash_message_standalone.html",
- "extra_context": {
- 'title': _('Logout success'),
- 'messages': _('Logout success, return login page'),
- 'redirect_url': '/users/login',
- 'auto_redirect': True,
- }
- },
- name='logout'),
- url(r'^password/forgot$', views.UserForgotPasswordView.as_view(), name='forgot-password'),
- url(r'^password/forgot/sendmail-success$',
- views.UserForgotPasswordSendmailSuccessView.as_view(), name='forgot-password-sendmail-success'),
+ url(r'^login$', views.UserLoginView.as_view(), name='login'),
+ url(r'^logout$', views.UserLogoutView.as_view(), name='logout'),
+ url(r'^password/forget$', views.UserForgotPasswordView.as_view(), name='forget-password'),
+ url(r'^password/forget/sendmail-success$',
+ views.UserForgotPasswordSendmailSuccessView.as_view(), name='forget-password-sendmail-success'),
url(r'^password/reset$', views.UserResetPasswordView.as_view(), name='reset-password'),
url(r'^password/reset/success$', views.UserResetPasswordSuccessView.as_view(),
name='reset-password-success'),
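Review bot: The two `password/forget` entries change both the public path and the reverse names (`forgot-password` → `forget-password`, `forgot-password-sendmail-success` → `forget-password-sendmail-success`), and the callers are not visible in this diff. Any template, redirect or mailed link that still uses `users:forgot-password` or `/users/password/forgot` would stop resolving, which breaks the password-recovery path. If the rename is intended, update every `reverse()`/`{% url %}` caller in the same commit; otherwise keep the old names, e.g. `url(r'^password/forgot$', views.UserForgotPasswordView.as_view(), name='forgot-password'),`.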
diff --git a/apps/users/views.py b/apps/users/views.py
index 1017d2f65..dbeced754 100644
--- a/apps/users/views.py
+++ b/apps/users/views.py
@@ -5,15 +5,20 @@ from __future__ import unicode_literals
import logging
from django.conf import settings
+from django.contrib.auth import login as auth_login, logout as auth_logout
from django.contrib.messages.views import SuccessMessageMixin
from django.db.models import Q
from django.http import HttpResponseRedirect
-from django.shortcuts import get_object_or_404, reverse
-from django.urls import reverse_lazy
+from django.shortcuts import get_object_or_404, reverse, redirect
+from django.utils.decorators import method_decorator
from django.utils.translation import ugettext as _
+from django.urls import reverse_lazy
+from django.views.decorators.cache import never_cache
+from django.views.decorators.csrf import csrf_protect
+from django.views.decorators.debug import sensitive_post_parameters
from django.views.generic.base import TemplateView
from django.views.generic.list import ListView
-from django.views.generic.edit import CreateView, DeleteView, UpdateView
+from django.views.generic.edit import CreateView, DeleteView, UpdateView, FormView
from django.views.generic.detail import DetailView
from common.utils import get_object_or_none
@@ -26,6 +31,43 @@ from .utils import AdminUserRequiredMixin, user_add_success_next, send_reset_pas
logger = logging.getLogger('jumpserver.users.views')
+@method_decorator(sensitive_post_parameters(), name='dispatch')
+@method_decorator(csrf_protect, name='dispatch')
+@method_decorator(never_cache, name='dispatch')
+class UserLoginView(FormView):
+ template_name = 'users/login.html'
+ form_class = UserLoginForm
+ redirect_field_name = 'next'
+
+ def get(self, request, *args, **kwargs):
+ if request.user.is_staff:
+ return redirect(request.POST.get(self.redirect_field_name, reverse('index')))
+ return self.render_to_response(self.get_context_data(**kwargs))
+
+ def form_valid(self, form):
+ auth_login(self.request, form.get_user())
+ return redirect(self.request.POST.get(self.redirect_field_name, reverse('index')))
+
+
+@method_decorator(never_cache, name='dispatch')
+class UserLogoutView(TemplateView):
+ template_name = 'common/flash_message_standalone.html'
+
+ def get(self, request, *args, **kwargs):
+ auth_logout(request)
+ return super(UserLogoutView, self).get(request)
+
+ def get_context_data(self, **kwargs):
+ context = {
+ 'title': _('Logout success'),
+ 'messages': _('Logout success, return login page'),
+ 'redirect_url': reverse('users:login'),
+ 'auto_redirect': True,
+ }
+ kwargs.update(context)
+ return super(UserLogoutView, self).get_context_data(**kwargs)
+
+
class UserListView(AdminUserRequiredMixin, ListView):
model = User
paginate_by = settings.CONFIG.DISPLAY_PER_PAGE
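Review bot: `UserLoginView.get` and `form_valid` pass the request's `next` value straight to `redirect()`, so a crafted login link can send a user to an external site after authentication; Django's stock login view, which this class replaces, validates that target, so the check is lost here. The `get` branch also reads `request.POST` on a GET request, where it is always empty, so `?next=` is never honoured for an already signed-in user. Resolve the target in one place, look in POST and then GET, and accept it only when `is_safe_url` approves it for `request.get_host()`, falling back to `reverse('index')`. `is_safe_url` comes from `django.utils.http`, is not among the imports this diff adds, and its host keyword depends on the Django version in use. Separately, the old `redirect_authenticated_user: True` redirected any authenticated user, while the `is_staff` test narrows that to staff; confirm that is intended.

```python
class UserLoginView(FormView):
    # … unchanged: template_name, form_class, redirect_field_name …

    def get(self, request, *args, **kwargs):
        if request.user.is_staff:
            return redirect(self.get_success_url())
        return self.render_to_response(self.get_context_data(**kwargs))

    def form_valid(self, form):
        auth_login(self.request, form.get_user())
        return redirect(self.get_success_url())

    def get_success_url(self):
        # Follow `next` only when it stays on this host; otherwise use the index page.
        target = self.request.POST.get(
            self.redirect_field_name,
            self.request.GET.get(self.redirect_field_name, ''))
        if not is_safe_url(url=target, host=self.request.get_host()):
            return reverse('index')
        return target
```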