logout HTTP method should be POST, not GET.

[fisx]

[irc]

16:52 < npou> should the logout path be a POST only ?
16:52 < andorp> i don't think so
16:53 < andorp> It is a link on every page
16:53 < andorp> for that reason it is a get
16:53 < npou> it is allowed for browsers (and other tools) to follow get links preamptively
16:53 < fisx> oops.
16:54 < fisx> in that case i guess post would be better.  (:
16:54 < npou> andorp: but we agree it is a bad reason
16:54 < npou> A tiny form (non DF) should work fine