id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
7989	Logout view should require POST request	Joost Cassee		"This ticket assumes that the mantra ""GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval"" is to be taken seriously and applied consistently. See for example ticket #3651.

The documentation on authentication suggests a logout view that takes a GET request ('How to log a user out'). Additionally, the django.contrib.auth.views.logout generic view accepts a GET request. This seems to go against the above principle, as it changes the internal state of the application.

Please consider a change for logout similar to the patch from ticket #3651. I am willing to do it myself if this ticket is accepted."	Uncategorized	closed	contrib.auth	dev	Normal	duplicate	authentication	joost@…	Design decision needed	0	0	0	0	0	0