-rw-r--r--app/controllers/account_controller.rb9
-rw-r--r--app/views/account/logout.html.erb3
-rw-r--r--lib/redmine.rb2
-rw-r--r--test/functional/account_controller_test.rb13
-rw-r--r--test/functional/welcome_controller_test.rb7
-rw-r--r--test/integration/routing/account_test.rb10
6 files changed, 35 insertions, 9 deletions
diff --git a/app/controllers/account_controller.rb b/app/controllers/account_controller.rb
index 281e44b82..a89c22373 100644
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@@ -38,8 +38,13 @@ class AccountController < ApplicationController
# Log out current user and redirect to welcome page
def logout
- logout_user
- redirect_to home_url
+ if User.current.anonymous?
+ redirect_to home_url
+ elsif request.post?
+ logout_user
+ redirect_to home_url
+ end
+ # display the logout form
end
# Lets user choose a new password
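Review bot: The comment above `logout` still reads "Log out current user and redirect to welcome page", but a GET from a logged-in user no longer ends the session; it falls through the `if`/`elsif` and renders the logout form implicitly. I would change it to something like `# GET shows a confirmation form; only POST ends the session and redirects to the welcome page`, and move the trailing `# display the logout form` into an explicit `else` branch so the fall-through is visible. The POST branch is only as strong as the request-forgery check in front of it, which is presumably enabled in ApplicationController but is not visible in this hunk. The class body continues outside the hunk.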
diff --git a/app/views/account/logout.html.erb b/app/views/account/logout.html.erb
new file mode 100644
index 000000000..309597603
--- /dev/null
+++ b/app/views/account/logout.html.erb
@@ -0,0 +1,3 @@
+<%= form_tag(signout_path) do %>
+ <p><%= submit_tag l(:label_logout) %></p>
+<% end %>
diff --git a/lib/redmine.rb b/lib/redmine.rb
index 5b09b77b8..ad248c14f 100644
--- a/lib/redmine.rb
+++ b/lib/redmine.rb
@@ -208,7 +208,7 @@ Redmine::MenuManager.map :account_menu do |menu|
menu.push :login, :signin_path, :if => Proc.new { !User.current.logged? }
menu.push :register, :register_path, :if => Proc.new { !User.current.logged? && Setting.self_registration? }
menu.push :my_account, { :controller => 'my', :action => 'account' }, :if => Proc.new { User.current.logged? }
- menu.push :logout, :signout_path, :if => Proc.new { User.current.logged? }
+ menu.push :logout, :signout_path, :html => {:method => 'post'}, :if => Proc.new { User.current.logged? }
end
Redmine::MenuManager.map :application_menu do |menu|
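Review bot: The `:html => {:method => 'post'}` option on the `:logout` entry has no comment explaining why this one menu link differs from its siblings. A short note above it, e.g. `# sign-out must be a POST; a plain GET only shows the confirmation form`, would keep a later cleanup from dropping the option. The link presumably relies on the layout's JavaScript and CSRF meta tag to submit the POST with a valid token; this diff does not show either, so that is worth confirming. The `map` block begins outside the hunk.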
diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb
index 5a11dbaa2..0f9ae8eed 100644
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
@@ -80,9 +80,18 @@ class AccountControllerTest < ActionController::TestCase
assert_response 302
end
- def test_logout
+ def test_get_logout_should_not_logout
@request.session[:user_id] = 2
get :logout
+ assert_response :success
+ assert_template 'logout'
+
+ assert_equal 2, @request.session[:user_id]
+ end
+
+ def test_logout
+ @request.session[:user_id] = 2
+ post :logout
assert_redirected_to '/'
assert_nil @request.session[:user_id]
end
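Review bot: The new `User.current.anonymous?` branch in `AccountController#logout` has no test in this hunk, because both tests set `session[:user_id] = 2` first. A case for an anonymous request would pin the redirect and guard against the form being rendered to a visitor with no session. These functional tests likely run with forgery protection off, so they do not show that a POST without a valid token is rejected. The test class continues outside the hunk.

```ruby
def test_get_logout_with_anonymous_should_redirect
  @request.session[:user_id] = nil
  get :logout
  assert_redirected_to '/'
end
```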
@@ -91,7 +100,7 @@ class AccountControllerTest < ActionController::TestCase
@controller.expects(:reset_session).once
@request.session[:user_id] = 2
- get :logout
+ post :logout
assert_response 302
end
diff --git a/test/functional/welcome_controller_test.rb b/test/functional/welcome_controller_test.rb
index d760046d0..94a99c223 100644
--- a/test/functional/welcome_controller_test.rb
+++ b/test/functional/welcome_controller_test.rb
@@ -85,6 +85,13 @@ class WelcomeControllerTest < ActionController::TestCase
:content => %r{warnLeavingUnsaved}
end
+ def test_logout_link_should_post
+ @request.session[:user_id] = 2
+
+ get :index
+ assert_select 'a[href=/logout][data-method=post]', :text => 'Sign out'
+ end
+
def test_call_hook_mixed_in
assert @controller.respond_to?(:call_hook)
end
diff --git a/test/integration/routing/account_test.rb b/test/integration/routing/account_test.rb
index d06d991ee..5b59a6220 100644
--- a/test/integration/routing/account_test.rb
+++ b/test/integration/routing/account_test.rb
@@ -25,10 +25,12 @@ class RoutingAccountTest < ActionController::IntegrationTest
{ :controller => 'account', :action => 'login' }
)
end
- assert_routing(
- { :method => 'get', :path => "/logout" },
- { :controller => 'account', :action => 'logout' }
- )
+ ["get", "post"].each do |method|
+ assert_routing(
+ { :method => method, :path => "/logout" },
+ { :controller => 'account', :action => 'logout' }
+ )
+ end
["get", "post"].each do |method|
assert_routing(
{ :method => method, :path => "/account/register" },