Simon Willison’s Weblog

Subscribe

Why do some websites implement their logout link as a form post via JavaScript versus a plain old GET request?

16th October 2010

My answer to Why do some websites implement their logout link as a form post via JavaScript versus a plain old GET request? on Quora

Probably because if you implement logout as a GET action, I can force you to log out of a site by tricking you in to visiting a page with an <img src="http://yoursite.com/logout/" width="1" height="1"> element on it.

Posted 16th October 2010 at 11:47 am · Follow me on Mastodon, Bluesky, Twitter or subscribe to my newsletter

More recent articles

This is Why do some websites implement their logout link as a form post via JavaScript versus a plain old GET request? by Simon Willison, posted on 16th October 2010.

Next: What is the best way to hire Solr developers?

Previous: Did you mean rel=shortlink vs. rel=shorturl?

Monthly briefing

Sponsor me for $10/month and get a curated email digest of the month's most important LLM developments.

Pay me to send you less!

Sponsor & subscribe