[Solar-talk] [Solar_User_Auth] Logout action: $_POST vs. $_GET
Antti Holvikari
anttih at gmail.com
Wed May 10 01:01:45 PDT 2006
On 5/9/06, Paul M Jones <pmjones at solarphp.com> wrote:
>
> On May 9, 2006, at 1:12 PM, Antti Holvikari wrote:
>
> > On 5/9/06, Paul M Jones <pmjones at solarphp.com> wrote:
> >> On May 9, 2006, at 10:59 AM, Antti Holvikari wrote:
> >>
> >> > Any chance it could be possible to also support logout requests
> >> coming
> >> > in as $_GET? I haven't really seen any websites using Sign out
> >> > -buttons. I'd prefer a link "Sign out" :-). Is it just me?
> >>
> >> Strictly speaking, GET should not perform actions with side-effects,
> >> and logging out is clearly a side-effect. ;-)
> >>
> >> That aside, I have no strong objection to adding a config key called
> >> 'via' or 'source' in Solar_User_Auth to specify how login attempts
> >> should be processed ("'via' => 'get'" or "'source' => 'post'").
> >> Then, for consistency, I'd have to rename the 'post_*' keys to
> >> 'via_*' or 'source_*'.
> >>
> >> Comments?
> >
> > +1 for 'source_'!
> >
> > I understand your point of the side-effect, but design-wise it's hard
> > to stick submit buttons into menus.
>
> Good point about menus. A bit of JavaScript magic would to the trick
> there, but that's hardly a straightforward solution, and I want
> simple stuff.
>
> Any other comments?
One bad thing is that all the forms displayed after the logout action
need to remove logout (or whatever it will be) from their action uri
(they use REQUEST_URI by default) because otherwise all the forms will
perform a logout again. This happens for example when I do a sign out
and then right after that try to log in again. The POST request goes
to *?logout=whatever.
What are you planning to use for the $_GET param's value? Wouldn't it
be enough that it is just set to something other than strlen() == 0.
--
Antti Holvikari <http://antti.dotgeek.org/blog>
Zend Certified Engineer (ZCE)
More information about the solar-talk
mailing list