Bear Bibeault wrote:"sensitive data" is never a criteria for deciding whether to use a POST or a GET. A POST is no more "secure" than a GET.
Right, I appreciate your point about the choice of
Http method only not sufficient to make the request secure.
But quoting from HFSJ:
"The data you send with the GET is appended to the URL up in the browser bar, so whatever you send is exposed. Better not put a password or some other sensitive data as part of a GET!"
So going back to the original question, would a GET method suffice for a "logout" scenario?