Add option in settings to use either GET or POST on logouts

[9mido]

trafficstars

This github project currently uses GET to logout the user from their session. This may be convenient, but may not be the best approach and might actually be 'dangerous' as the server may not realize that the user has logged out.

https://softwareengineering.stackexchange.com/questions/188860/why-shouldnt-a-get-request-change-data-on-the-server https://stackoverflow.com/questions/3521290/logout-get-or-post https://code.djangoproject.com/ticket/15619 https://readthedocs.org/projects/django-allauth/downloads/pdf/latest/ (see section 4.3 configuration ACCOUNT_LOGOUT_ON_GET)

I recommend either changing this project to use POST completely or provide the user the option to use either POST or GET in their settings.

Maybe also include a way to automatically navigate to /accounts/logout/ in allauth for example and click the sign out button which in my project is using POST to logout because the user physically clicks the logout button and this change gets POSTed to the server so that the server is on the same page as the client.