What method should I use for a login (authentication) request?

天涯浪人 2020-12-23 10:41

I would like to know which HTTP method I should use when doing a login request, and why? Since this request creates an object (a user session) on the server, I think it shou

6 answers
  •  萌比男神i
    2020-12-23 11:29

    Regarding the method for logging out:

    In the Spring (Java Framework) documentation, they state that a POST request is preferred, since a GET makes you vulnerable to CSRF (Cross-Site Request Forgery) and the user could be logged out.

    Adding CSRF will update the LogoutFilter to only use HTTP POST. This ensures that log out requires a CSRF token and that a malicious user cannot forcibly log out your users.

    See: https://docs.spring.io/spring-security/site/docs/current/reference/html/web-app-security.html#csrf-logout

    Logging in should also use POST (body can be encrypted, see the other answers).
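
Added example, not part of the answer above and not Spring's own code: a framework-agnostic sketch of the behaviour the quoted documentation describes, where logout is accepted only as a POST that carries the session's CSRF token. The `handle` function, the in-memory stores and the sample account are constructed for illustration; the form field name `_csrf` is simply the name chosen here.

```python
import hashlib
import hmac
import secrets

SALT = b"constructed-salt"  # constructed value for this example only


def _hash(password):
    # Store a slow salted hash rather than the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


USERS = {"alice": _hash("correct horse")}  # constructed sample account
SESSIONS = {}  # session id -> {"user": ..., "csrf": ...}


def handle(method, path, cookies=None, form=None):
    """Return (status, body) for a minimal login/logout endpoint."""
    cookies, form = cookies or {}, form or {}
    if path == "/login":
        if method != "POST":
            # Credentials travel in the body, never in a URL that gets logged.
            return 405, {"error": "login must be POST"}
        stored = USERS.get(form.get("username", ""), b"")
        if not hmac.compare_digest(stored, _hash(form.get("password", ""))):
            return 401, {"error": "bad credentials"}
        sid = secrets.token_urlsafe(32)
        SESSIONS[sid] = {"user": form["username"],
                         "csrf": secrets.token_urlsafe(32)}
        return 200, {"session": sid, "csrf": SESSIONS[sid]["csrf"]}
    if path == "/logout":
        if method != "POST":
            # A GET can be triggered cross-site by a plain link or <img> tag.
            return 405, {"error": "logout must be POST"}
        sid = cookies.get("session", "")
        session = SESSIONS.get(sid)
        if session is None:
            return 401, {"error": "no session"}
        sent = form.get("_csrf", "")
        # The cookie is attached automatically; the token is not, so a forged
        # cross-site POST arrives without it and is refused.
        if not hmac.compare_digest(session["csrf"].encode(), sent.encode()):
            return 403, {"error": "missing or invalid CSRF token"}
        del SESSIONS[sid]
        return 200, {"ok": True}
    return 404, {"error": "not found"}
```
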
