Why did you make GET/logout?

trailsjs / sails-auth

Passport-based User Authentication system for sails.js applications. Designed to work well with the sails-permissions module.

https://www.npmjs.org/package/sails-auth

MIT License

266 stars 141 forks source link

Open kulakowka opened 9 years ago

kulakowka commented 9 years ago

Explain me why did you make logout using GET /logout ?

It's not safe. Anyone malefactor can insert a picture <img src="http://yousite.com/logout" /> and your users will logged out.

It may be better to do POST /logout?

Ziao commented 8 years ago

Agreed

frenchbread commented 7 years ago

Any update on this one?