Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

_chris's avatar

auth logout post

I have just realised that the basic auth scaffolding that comes with laravel has logout as a GET request instead of a POST. From what I have read, logout requests should really be POST. I am just wondering if there is a particular reason it is GET instead?

0 likes
8 replies
SaeedPrez's avatar

Logout is usually a normal link and it doesn't require any parameters, hence a GET request.

What would you suggest are the benefits of having logout as a POST request?

SaeedPrez's avatar

Maybe that was a problem back in 2013 - I can't say if it was and if so how common it was - but I'm using Chrome with prediction enabled and I've never noticed being logged out of a website unwillingly

Also if that is such a big problem, there should be plenty of posts about it, try search the forum..

_chris's avatar

@SaeedPrez I know! That's why I created a post! I also don't see it as particularly big deal, I just understood it to be standard practice nowadays to make the logout a POST and wondered why it wasn't.

SaeedPrez's avatar

@_chris there are 9999999999 things to think/worry about when building a web application today, this is just one of them. We have to identify our needs and prioritize and not worry about every small detail. Especially when using such an awesome framework like Laravel which takes care of a lot of those worries out of the box.

If and when it ever becomes a problem that your visitors get logged out because of browser prediction, then you can worry about and spend time on refactoring your logout GET to POST.

Swaz's avatar

@_chris Laravel 5.3's default auth scaffolding uses POST to logout.

1 like
SaeedPrez's avatar

@Swaz I'm just trying out Larave 5.3 and you're right, seems they've gone over to POST..

<ul class="dropdown-menu" role="menu">
    <li>
        <a href="http://localhost/logout"
            onclick="event.preventDefault();
                     document.getElementById('logout-form').submit();">
            Logout
        </a>

        <form id="logout-form" action="http://localhost/logout" method="POST" style="display: none;">
            <input type="hidden" name="_token" value="Dii8Bw8OYU9slobl41Hhe1ji4g7zQSAW9ItPX094">
        </form>
    </li>
</ul>

Edit: Found the pull request, only problem seems to be that it requires JavaScript to be enabled the way Laravel has it setup.

Swaz's avatar

@SaeedPrez You could use a regular submit button instead of javascript. And then maybe add some css to remove any default submit button styling.

<ul class="dropdown-menu" role="menu">
    <li>
        <form action="http://localhost/logout" method="POST">
            <input type="hidden" name="_token" value="Dii8Bw8OYU9slobl41Hhe1ji4g7zQSAW9ItPX094">
            <button type="submit" class="remove-button-styles">Logout</button>
        </form>
    </li>
</ul>
1 like

Please or to participate in this conversation.