docs(examples): with-iron-session logout must be called via POST (#22240)

1. Logout is better called in a POST request (avoids caching in most situations + avoids weird CSRF "logout attacks", i.e. can't be logged out by clicking on an email link)
2. We should wait for logout to complete before mutating the user, otherwise some weird race conditions might prevent swr from catching the right logged out state
Vincent Voyer 2021-04-20 17:46:14 +02:00 committed by GitHub
parent 1f5f0d313a
commit 84e47b82a5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -43,7 +43,10 @@ const Header = () => {
href="/api/logout"
onClick={async (e) => {
e.preventDefault()
await mutateUser(fetchJson('/api/logout'))
mutateUser(
await fetchJson('/api/logout', { method: 'POST' }),
false
)
router.push('/login')
}}
>
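Review bot: The anchor keeps `href="/api/logout"`, so the POST applies only when the `onClick` handler runs; opening the link in a new tab, or following it with JavaScript disabled, still issues a GET to the same route. The handler for `/api/logout` is not part of this hunk, so the commit message's point about not being logged out by a clicked link holds only if that route rejects non-POST methods (for example, a 405 on anything other than `req.method === 'POST'`). Please confirm that check exists or add it in this change, and consider rendering the control as a button or form so there is no GET-able URL at all. It would also help to add a short comment explaining that the `false` passed to `mutateUser` is there to skip revalidation, since the reason is only stated in the commit message.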