Level 67
get requests don't validate csrf tokens, so they're less secure.
1 like
Oct 22, 2018
8
Level 4
Difference between logout POST and GET method
So I am aware that laravel had GET method for logout until the release of 5.3. Of course we can still use the GET method though the default scaffold creates a form with a POST method. What I want to know is what is the better way? What are the flaws of using GET and Advantages of using POST.
Also, If I write domain.com/logout, It gives me the good old MethodNotAllowed error. And We know why. That is why I wanted to change to GET method but I want to know the difference between having the POST and GET method.
Level 4
@Cronix Yeah forgot about that. So what about the method not allowed? How can I not get method not allowed on blank /logout form post?
Level 67
How can I not get method not allowed on blank /logout form post?
What do you mean? If it's in a form using post method and sending csrf token there shouldn't be an issue.
Level 4
If i go to example.com/logout, without being logged in and just going to that url gives me 405 method not allowed. There is no session to end basically. I’m just typing /logout on the url and giving me 405.
Level 67
anything you type in the address bar issues a get request. That's how browsers work. Who cares if you get the error if you manually type it? You'll get one if you manually type any address that is meant to respond to a post/put/patch/delete request. Use the logout form on the page that you should be displaying only to users who are logged in.
Level 4
Ok thanks for the suggestion.
Level 67
Is your question answered on what the difference between post/get logout is?
Level 4
Yes. All the above questions has been answered. On mobile. Will accept once logged in from pc.
Please or to participate in this conversation.