DELETE url

Mark Wieder ahsoftware at sonic.net
Fri Jul 5 22:07:19 EDT 2019


On 7/5/19 6:13 PM, Dar Scott Consulting via use-livecode wrote:
> And an aside. Off topic.
> 
> I guess I am old-school. I know it is the fad, but using DELETE to logout seems goofy. Yeah, you can make a URL that looks like a session and you are deleting the session. But it seems that is like using HEAD to indicate what direction you are going or OPTIONS to set up options.
> 
> I know. I'm a cranky curmudgeon. I survive by recognizing that this is no longer HTTP, but a wolf in sheep's clothing to get past firewalls, a whole new protocol where we make it up as we go.
> 
> Now, given that, and I join the 21st century, DELETE returns a status code and an optional content. The status code is normally 204 (but maybe 205, which might be appropriate for log out) when no content is returned or 200 if content is returned. If the item is not there, the same applies, but perhaps 404 or 410 can also apply. If DELETE is used to mean logout, then the session is permanently gone and 410 on a repeat is appropriate. A 303 is OK (content is URL), but is probably handled by the underlying library.
> 
> Now, for proper symmetry, if DELETE is used to log out, then PUT must be used to log in. Both are idempotent, so logging in multiple times should be OK and logging out multiple times should be OK.  That is, a login returns 200 and a logout returns 204.  Every time.
> 
> I have not seen it implemented that way. We play the hands we are dealt.

RFC 2616 describes only three possible responses to a DELETE verb:
200: the response includes an entity describing the status
202: the action has not yet been enacted
204: the action has been enacted but there is no status entity

Idempotence appears to be optional. RFC2616 states that certain verbs 
"can" have this property. That said, not all servers or web apps support 
the DELETE verb - there's usually an option to enable/disable it.

And I'm with you on the weirdness of using DELETE to log out. Bleah.

But to Jacque's point, see this:
<https://stackoverflow.com/questions/10338615/sending-http-delete-request-in-android>

-- 
  Mark Wieder
  ahsoftware at gmail.com




More information about the use-livecode mailing list