Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs(examples): with-iron-session logout must be called via POST #22240

Merged
merged 4 commits into from
Apr 20, 2021
Merged

docs(examples): with-iron-session logout must be called via POST #22240

merged 4 commits into from
Apr 20, 2021

Conversation

vvo
Copy link
Member

@vvo vvo commented Feb 16, 2021

  1. Logout is better called in a POST request (avoids caching in most situations + avoids weird CSRF "logout attacks", i.e. can't be logged out by clicking on an email link)
  2. We should wait for logout to complete before mutating the user, otherwise some weird race conditions might prevent swr to catch the right logged out state

@vvo
docs(examples): with-iron-session logout must be called via POST (and…
13e4e15 
… awaited)

1. Logout is better called in a POST request (avoids caching in most situations + avoids weird CSRF "logout attacks", i.e. can't be logged out by clicking on an email link)
2. We should wait for logout to complete before mutating the user, otherwise some weird race conditions might prevent swr to catch the right logged out state
@ijjk ijjk added the examples Issue was opened via the examples template. label Feb 16, 2021
leerob
leerob previously approved these changes Apr 20, 2021
View reviewed changes
@leerob
Copy link
Member

leerob commented Apr 20, 2021

Actually, looks like linting is failing. Would you mind fixing?

@vvo vvo requested review from divmain and shuding as code owners April 20, 2021 06:58
@vvo
Copy link
Member Author

vvo commented Apr 20, 2021

@leerob thanks, all good now

@kodiakhq kodiakhq bot merged commit 84e47b8 into vercel:canary Apr 20, 2021
@vvo vvo deleted the patch-2 branch April 20, 2021 16:11
SokratisVidros pushed a commit to SokratisVidros/next.js that referenced this pull request Apr 21, 2021
@vvo @SokratisVidros
docs(examples): with-iron-session logout must be called via POST (ver…
1d15471 
…cel#22240)

1. Logout is better called in a POST request (avoids caching in most situations + avoids weird CSRF "logout attacks", i.e. can't be logged out by clicking on an email link)
2. We should wait for logout to complete before mutating the user, otherwise some weird race conditions might prevent swr to catch the right logged out state
@vercel vercel locked as resolved and limited conversation to collaborators Jan 28, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@leerob leerob leerob approved these changes

@chibicode chibicode Awaiting requested review from chibicode

@ijjk ijjk Awaiting requested review from ijjk

@lfades lfades Awaiting requested review from lfades

@Timer Timer Awaiting requested review from Timer

@timneutkens timneutkens Awaiting requested review from timneutkens

@divmain divmain Awaiting requested review from divmain

@shuding shuding Awaiting requested review from shuding

Assignees
No one assigned
Labels
examples Issue was opened via the examples template.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@vvo @leerob @ijjk