I'm building a web app and just working on the logout functionality (simple session unset / meta refresh/redirect code on logout.php).

Possibly a simple question (though I've hunted around on Google to no avail), but for the logout button on the site, is there any benefit in using a form that submits to logout.php vs a button graphic with an a href that links to the same page?

Functionally, they both seem to work the same, but is there any potential security issue etc?

Thanks heaps!

Accepted Answer

There are two things that miiiight be relevant here:

  1. If it's a form and it POSTs instead of GETting, you will need to redirect to get around the usual browser back button + POST data unpleasantness. Of course you already mention redirecting, so this is probably not relevant.
  2. Since HTTP GET requests are supposed to be idempotent, "the right way" to do it should be with POST, which means a form. However, this kind of argument lacks practical justification. You should be just fine with links unless some ill-behaved and/or misconfigured browser addon decides to make life difficult for your users.

In essence, there should be no practical difference.
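
The form variant that both items of the answer refer to, shown as an added example that is not part of the original question or answer: a `logout.php` that acts only on POST and then redirects so the back button does not re-submit. The redirect target `/login.php` and the form markup in the comment are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed markup on the other pages of the site:
//   <form method="post" action="logout.php">
//     <button type="submit">Log out</button>
//   </form>

session_start();

// Item 2: logging out changes state, so only POST is accepted.
// A GET (plain link, prefetching addon, crawler) gets 405 and the
// session is left untouched.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Allow: POST');
    http_response_code(405);
    exit('Method Not Allowed');
}

// Drop the server-side session data.
$_SESSION = [];

// Expire the session cookie in the browser, reusing the path/domain/flags
// it was issued with so the browser matches and removes it.
if (ini_get('session.use_cookies')) {
    $p = session_get_cookie_params();
    setcookie(
        session_name(),
        '',
        time() - 42000,
        $p['path'],
        $p['domain'],
        $p['secure'],
        $p['httponly']
    );
}

// Remove the session on the server.
session_destroy();

// Item 1: 303 See Other makes the browser follow up with a GET, so the
// POST is not replayed on back/refresh. '/login.php' is an assumed target.
header('Location: /login.php', true, 303);
exit;
```

The `Location` header replaces the meta refresh mentioned in the question; it has to be sent before any output.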

