> DELETE session probably has the wrong semantics for the way most systems implement sessions and logins.

I prefer to view HTTP method selection based on the logic from the "user side" rather than the implementation from the "system side".

Obviously, though, there are different ways of looking at this, and no One True Way.