Hacker News new | past | comments | ask | show | jobs | submit login

DELETE session probably has the wrong semantics for the way most systems implement sessions and logins. PATCHing it to closed is a better match. POSTing with the user id to a URL for closing sessions is the best fit for how we usually do things. There's a reason why most systems are implementing this with POST instead of PATCH.



> DELETE session probably has the wrong semantics for the way most systems implement sessions and logins.

I prefer to view HTTP method selection based on the logic from the "user side" rather than the implementation from the "system side".

Obviously, though, there are different ways of looking at this, and no One True Way.


> There's a reason why most systems are implementing this with POST instead of PATCH

You mean reasons like browsers not supporting anything but POST and GET?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: