Closed MGerrior closed 4 years ago
I’m curious about the choice to use delete here. I wonder if, even though the session is “deleted” it still makes sense for a standard POST request
I'm down with whatever, I've always used DELETE to refer to deleting the session as you mentioned. I tried googling around, doesn't appear to be a huge consensus one way or another. It was a GET before which semantically is not correct either. IMO since there's no body, it's not really a POST since you're not POSTing any data to the server, you're just expiring the session.
Addresses concerns in Issue #36 and makes the logout more RESTful...
I didn't test in Heroku per se, but was able to reproduce locally by using
npm run build
in the client folder to build a production version of the assets, and then just running the express server on the backend, so I fixed it based on that. It should work the same as Heroku, the issue was locally we have the front-end app running on port 3000 and intercepting everything, without it direct requests to /login were going to the server-side login page I used when first doing the implementation.I also made logout more RESTful because why not.