Why do some websites implement their logout link as a form post via JavaScript versus a plain old GET request?
16th October 2010
My answer to Why do some websites implement their logout link as a form post via JavaScript versus a plain old GET request? on Quora
Probably because if you implement logout as a GET action, I can force you to log out of a site by tricking you in to visiting a page with an <img src="http://yoursite.com/logout/" width="1" height="1"> element on it.
More recent articles
- Claude can write complete Datasette plugins now - 8th October 2025
- Vibe engineering - 7th October 2025
- OpenAI DevDay 2025 live blog - 6th October 2025