I've had a couple cases where browser link pre-fetching triggered an unintended logout from my Django app (I haven't fully tracked down the exact combination of triggering conditions, but I suspect they are similar to Israel Brewster's CherryPy issue mentioned on comp.lang.python [1]) and was surprised that Django suffered the same issue.
Researching, I found https://code.djangoproject.com/ticket/15619 but see that it was last modified ~10mo ago, having been opened ~4yrs ago. The current (development HEAD from git) versions of django/contrib/auth/views.py:logout() and django/contrib/auth/__init__.py:logout() still don't seem to contain any checks to ensure logouts can only happen via POST rather than GET requests.

Is there any movement forward on resolving this so my browser doesn't inconveniently boot me from the app when I don't intend to log out?

-tkc

[1] https://mail.python.org/pipermail/python-list/2014-December/682106.html
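
The behaviour described in the message above, as an added example that is not part of the original post and is not Django's code: a logout handler that ends the session on any request method, next to one that only acts on POST. It is a plain standard-library WSGI sketch; `SESSIONS`, the `sessionid` cookie value and both handler names are constructed for illustration.

```python
# Added illustration: plain WSGI, not Django code. All names are hypothetical.
from wsgiref.util import setup_testing_defaults

SESSIONS = {"abc123": "tkc"}  # constructed session store: session id -> user


def _session_id(environ):
    """Return the value of the sessionid cookie, or None if absent."""
    for part in environ.get("HTTP_COOKIE", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == "sessionid":
            return value
    return None


def logout_any_method(environ, start_response):
    """Any request, including a browser prefetch GET, ends the session."""
    SESSIONS.pop(_session_id(environ), None)
    start_response("302 Found", [("Location", "/")])
    return [b""]


def logout_post_only(environ, start_response):
    """State changes only on POST; every other method gets 405."""
    if environ["REQUEST_METHOD"] != "POST":
        start_response("405 Method Not Allowed", [("Allow", "POST")])
        return [b""]
    SESSIONS.pop(_session_id(environ), None)
    start_response("302 Found", [("Location", "/")])
    return [b""]


def call(app, method, cookie="sessionid=abc123"):
    """Drive a WSGI app in-process and return its status line."""
    environ = {"REQUEST_METHOD": method, "HTTP_COOKIE": cookie}
    setup_testing_defaults(environ)  # fills in the remaining WSGI keys
    seen = {}

    def start_response(status, headers):
        seen["status"] = status

    list(app(environ, start_response))
    return seen["status"]
```

In a Django view the same method restriction can be expressed with the `require_POST` decorator from `django.views.decorators.http`.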