id summary reporter owner description type status component version severity resolution keywords cc stage has_patch needs_docs needs_tests needs_better_patch easy ui_ux 7989 Logout view should require POST request Joost Cassee "This ticket assumes that the mantra ""GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval"" is to be taken seriously and applied consistently. See for example ticket #3651. The documentation on authentication suggests a logout view that takes a GET request ('How to log a user out'). Additionally, the django.contrib.auth.views.logout generic view accepts a GET request. This seems to go against the above principle, as it changes the internal state of the application. Please consider a change for logout similar to the patch from ticket #3651. I am willing to do it myself if this ticket is accepted." Uncategorized closed contrib.auth dev Normal duplicate authentication joost@… Design decision needed 0 0 0 0 0 0