Logout should be a POST request (at least make it configurable)

[slominskir]

There are some good arguments for making logout requests use the POST method. See: http://stackoverflow.com/questions/3521290/logout-get-or-post

[slominskir]

Making the keepAliveUrl method configurable would be nice too. The current method, POST for keepAlive is counter-intuitive since this request is supposed to be innocuous.

[benkiefer]

+1, any chance this is coming soon?

[benkiefer]

One more request while we're talking about adding post support...

Can we get the option to submit the post with additional request parameters? I'm using Spring Security w/ CSRF protection and need to send the csrf nonce with the logout post.

[rubensgomes]

Support for submitting a POST when session times out is actually required by the Spring Security CSFR code. Do you think that POST support could be implemented anytime soon?