Logout immediately after clicking "logout"

[MrMinos]

Currently after clicking "Logout" under the dropdown menu on ocfweb, you need to click logout again on this following screen.

I am not sure if there is a reason why we have this scheme of things, but this seems like a bad user experience, especially most websites log you out immediately on a single click.

[jvperrin]

This is to prevent accidentally clicking it and logging out of your whole session and losing whatever you were working on. Most websites are less state than a whole desktop login (which can include multiple website logins for instance). I'd agree it's not great because people are left accidentally logged in due to this, but I think if we made this single-click we'd have to make it harder to hit by accident at the same time.

[kpengboy]

@jvperrin Minos is talking about the log out button on ocfweb, not on the desktop environment.

I believe the purpose of having a separate button was to provide some CSRF protection. But there are better ways to implement this; for example GitHub's logout link logs you out on clicking it, but if you try to navigate to the logout URL directly you get a page with a log out button you have to click.