Closed chriseaton closed 8 years ago
Destructive links like logout should never be GET. This is POST intentionally. I suspect you have js disabled and therefore the link isn't working for you? Please open an issue if you think this is a problem, but the solution is not to make a GET route for a non-idempotent request.
Hmm, why rely on JS to do something special instead of updating the logout action to be idempotent? I think it would be as simple as wrapping the session clear with an if (isAuthenticated) { or something.
I'll put discussion of whether it is a good idea over on the issue.
Fixed issue where the "logout" link fails to redirect because the GET method route for users/logout doesn't exist.