- changed status to open
Session - 3.2 Session Management Endpoints: GET or POST?
Issue #35
resolved
The text says:
{{{ Authorization servers MUST support the use of the HTTP "GET" method as define in RFC 2616 }}}
(besides the typo: s/define/defined/) Do we really want it to support "GET"? Would it not leak the session? Should it not be POST?
Comments (4)
-
-
-
assigned issue to
Session management under review.
-
assigned issue to
-
- changed status to on hold
Session management is on hold
-
- changed status to resolved
This issue is almost certainly defunct, because the spec has been rewritten. John, if you believe there is still an issue, please reopen and add comments.
- Log in to comment
Make at least POST required.