there is this exploit where you link an image with the url https://replit.com/logout and it will logout. if the only allowed method is POST this will become more secure and less annoying and most of the logout exploits will be stopped