@login_required vs. user.is_authenticated

I’ve been using django for some time now and start to question some of the tutorials that I read more and more. Often, I see something like this in a template:

{% if user.is_authenticated %}
    <!-- show some really private data here -->
{% else %}
    <! show an error message here-->
    <p>These are not the droids you are searching for...<p>
{% endif %}

On the other hand, we could write the template without the if...else and then do something like this in views.py:

@login_required
def super_private_data_view(request):
    return render(request, "my_template_without_if_else.html")

My questions are… Which one is better? Which one is more secure? Or do I need to do both?

I understand that I can do neat things with user.is_authenticated in templates, eg changing options in a navbar etc depending on if a user is logged in or not, but that is of course a different topic. Doing @login_required and {% if user.is_authenticated %} at the same time seems to me like writing redundant code that will never be executed (the {%else %} part) Or am I missing some important security concerns here?

Greetings
André

They perform two different purposes. Usually, you would use one or the other, not both in the same view. (However, there are cases where you might have a template being used in multiple places, such that some views are @login_required and some are not. I typically see this with things like page banners or menus.)

Using the @login_required means that the view will only be executed if the request coming in is authenticated. If the person is not authenticated, they will be redirected - usually to the login page.

Using the is_authenticated attribute allows the view to be executed, and the template to be rendered, but changing the contents of the response depending upon the status of that request.

This is correct in the general and default case.

Thanks for the explanation!

Greetings
André