Curious how others here would represent these in a REST architecture.
/users/login/
/users/logout/
These endpoints set up the session to login in the user, or clear it, respectively. My gut says POST, but I'm not in fact creating an object.
Asked
Active
Viewed 2.7k times
40
-
2See also: http://stackoverflow.com/q/2001773/165674 – Dheeraj Vepakomma Nov 05 '13 at 05:32
-
For logout, it is discussed in length at http://stackoverflow.com/q/3521290/873282 (with the same result) – koppor Feb 19 '17 at 23:54
-
1Possible duplicate of [Logout: GET or POST?](https://stackoverflow.com/questions/3521290/logout-get-or-post) – Elias Zamaria Sep 13 '17 at 16:34
-
POST doesn't have to create a new resource. It just sends data to the server. What the server does with this data is up to the server. – Ron Inbar Dec 24 '20 at 15:51
2 Answers
61
You should use POST - using GET for these actions can lead to issues with browser prefetching and search engine spidering. See (1, 2)
Community
- 1
- 1
Yaakov Ellis
- 40,752
- 27
- 129
- 174
-
Concise, it was not necessary to make a research on it. Thanks – technology_dreamer May 23 '15 at 19:47
-
Yes, `POST` sounds like the most rational option for a logout request and is what I would consider by default, however, doesn't `POST` mean "create"? What form-data would you be sending for a logout request with `POST`? A `DELETE` request would hardly be suitable either unless you have something like `DELETE /session/{id}`. `PUT` would mean we're replacing something, so that's out of the question. What are your thoughts on `PATCH`? – undefined Mar 06 '21 at 10:01
-5
maybe CONNECT? MDN says:
The HTTP CONNECT method starts two-way communications with the requested resource. It can be used to open a tunnel.
as login means maintaining a session between browser and server, CONNECT method makes the most sense.
xosg
- 89
- 1
- 6