Log Off should use POST #61
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
The log off links currently generated by the Fluid tags and in the admin area use the HTTP
GETverb (i.e., a normal link). However, there are several reasons why "log off" should be implemented withPOSTinstead.GETrequests are supposed to be idempotent (they can be called over and over again with the same result). While this could be interpreted as "at the end of the request, there is no logged on user", logging off does change the state of the user's session, and can lead to otherGETrequests (those that require the user be logged on) returning different (non-idempotent) results.GET) logs the user off in a misguided effort to help them be more productive.Both the Fluid tag and the admin area should generate a
formwhich submits aPOSTrequest to/user/log-offrather than aGET.