Level 104
Why would you want the user to visit the link directly? The Route is a POST request for a reason!
We use a POST request to avoid the browser prefetching links on a webpage that would inadvertently logout the user's session
Apr 12, 2024
8
Level 1
Laravel 11 - logout - POST
i used form with post method to logout, and this is my route : Route::post('logout', [SessionsController::class, 'destroy'])->middleware('auth'); and it works correctly, however i have a problem when i try to enter the url manually like this "127.0.0.1:8000/logout" instead of clicking the button, so laravel handle it as GET request gives me error : The GET method is not supported for route logout. Supported methods: POST, so how can i handle this if a user enter the url manually instead of clicking the button ?
Level 1
@tykus I do not want him to do that, i only want to handle this if he did this behavior, by response with 403 FORBIDDEN.
Level 104
@AbdelrahmanFathy if this really matters to you; use the Exception Handler to catch theMethodNotAllowedHttpException.
1 like
Level 50
then define a get route and return forbidden;)
Route::get('/logout', function () {
abort(403);
});
1 like
Level 122
So nice that you care about the user experience of people trying to abuse your site.
2 likes
Level 3
@abdelrahmanfathy it should work by defining a new GET route:
Route::get('logout', [SessionsController::class, 'destroy'])->middleware('auth');
Please or to participate in this conversation.