Question

In the Visual Studio OOB forms-based authentication example for MVC, a postback is used when the user logs out:

@using (Html.BeginForm("LogOff", "Account", FormMethod.Post, new { id = "logoutForm" })) {
    @Html.AntiForgeryToken()
    <a href="javascript:document.getElementById('logoutForm').submit()">Log off</a>
}

Is there a reason why this isn't a regular GET, since no data is being sent back to the server?


Solution

A logout operation is not idempotent so it's good to use POST.

GET should only be used to retrieve resources. A logout is an operation and doesn't return a specific resource.

GET requests can also be cached, remain in the browser history and can be bookmarked. These are useless functionalities for a logout.
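
The server side of the form in the question, as an added example that is not part of the original question or answer. It shows the action restricted to POST and checking the token emitted by `@Html.AntiForgeryToken()`. The use of `FormsAuthentication.SignOut()` and the redirect to `Home/Index` are assumptions.

```csharp
using System.Web.Mvc;
using System.Web.Security;

public class AccountController : Controller
{
    // Weak variant, shown for contrast only: any GET to /Account/LogOff ends
    // the session, so a cached, bookmarked or prefetched URL, or a request
    // the user never intended to send, logs them out.
    //
    // [HttpGet]
    // public ActionResult LogOff()
    // {
    //     FormsAuthentication.SignOut();
    //     return RedirectToAction("Index", "Home");
    // }

    // Hardened variant: the counterpart of the posted logoutForm.
    [HttpPost]                  // a GET to /Account/LogOff no longer matches this action
    [ValidateAntiForgeryToken]  // rejects a POST without the token from @Html.AntiForgeryToken()
    public ActionResult LogOff()
    {
        // Assumption: the site uses the Forms Authentication cookie.
        FormsAuthentication.SignOut();

        // Assumption: Home/Index is the page shown after logging out.
        return RedirectToAction("Index", "Home");
    }
}
```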

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow