Why Is Logout Done via a Form?

[wesleyboar]

Overview

1. Why is the login logout field done via a form?
2. Can logout technically be an even that occurs upon visiting a URL? ^{(So that after clicking a link or button, logout just happens.)}
3. If it must be a form, may it change
   • from [✓] Logout and [ Submit ]
   • to just [ Log out ]?

[joestubbs]

I think question 1 should read "Why is the logout field done via a form?" Assuming so, I don't see any reason to have a form at all -- I am open to removing it and making it be an event that occurs upon visiting the URL. Does that conform with how other sites do it?

[wesleyboar]

Yup, it should have said that. 🙂

That behavior conforms with how our Core Portal and Core CMS do it, and is common with many applications. _{(Click to toggle examples.)}

| portal | django cms | google | | - | - | - | | | | |

But, I did test third-party websites, and found GitHub has a Logout confirmation form.

github logout button	github logout confirmation

Websites whose logout could have unintended consequences across other applications, like Tapis, may ask you to confirm logout. I think Tapis should retain it's logout form.

[wesleyboar]

Hm, but I think I am being told (in private chat) that logout on Tapis is just a simple logout of anyone using tapis.io independently, and has no effect on client apps. If that's the case, C.J. and I would rather just not have the form. I'll report back what I learn.

[wesleyboar]

I want to propose logout form not exist, but I'm unsure of the "user experience flow" of doing so, because I don't know what steps a user takes to reach /logout endpoint, nor why.

So, for now, I'll just change the form from [✓] Logout and [ Submit ] to just [ Log out ] (and tweak messaging).

[wesleyboar]

Completed via #53.