Simon Willison’s Weblog

Why do some websites implement their logout link as a form post via JavaScript versus a plain old GET request?

My answer to Why do some websites implement their logout link as a form post via JavaScript versus a plain old GET request? on Quora

Probably because if you implement logout as a GET action, I can force you to log out of a site by tricking you in to visiting a page with an <img src="http://yoursite.com/logout/" width="1" height="1"> element on it.

This is Why do some websites implement their logout link as a form post via JavaScript versus a plain old GET request? by Simon Willison, posted on 16th October 2010.

Tagged , , , ,

Next: What is the best way to hire Solr developers?

Previous: Did you mean rel=shortlink vs. rel=shorturl?