Hi Justin, > This is obviously not backwards compatible. I'm unclear on the use case for > configurability as logout is idempotent.
judging from the respective sending times your mail might have been sent before you read Antonio's explanation about the <img> attack. I think if Sling itself does not change the defaults at least Sling users should be able to do so. (+1 on making this configurable) Personally, I think security problems allow for API changes (at least of this scope), so I would even change the default in Sling. Michael
