Which HTTP method should Login and Logout Actions use in a “RESTful” setup

Question

Curious how others here would represent these in a REST architecture.

/users/login/
/users/logout/

These endpoints set up the session to lo

Answer 1

maybe CONNECT? MDN says:

The HTTP CONNECT method starts two-way communications with the requested resource. It can be used to open a tunnel.

as login means maintaining a session between browser and server, CONNECT method makes the most sense.

Answer 2

You should use POST - using GET for these actions can lead to issues with browser prefetching and search engine spidering. See (1, 2)