Description
Request URIs:
DELETE /user/{username}/session
DELETE /user/{username}/session?exclude={token}
shall delete all sessions maintained for the specified user. This effectively logs them out everywhere.
If an exclude parameter is provided, presumably using the token in the current browser, then that session (if it exists) is excluded. If it does not exist, there is no error.
Response status:
- 404 Not Found - if the user does not exist
- 205 Reset Content - otherwise (and no body content is returned)
If you insist on maintaining the terrible URI formats for user resources, they'll have to look like this:
DELETE /user/session?username={username}
DELETE /user/session?username={username}&exclude={token}
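A sketch of the semantics requested above, added here as an example and not the project's own code. The `SessionStore` class, its in-memory token table and the method names are assumptions made for illustration; the status codes and the exclude behaviour follow the description.

```python
import hmac


class SessionStore:
    """Hypothetical in-memory stand-in for the server's session table."""

    def __init__(self):
        self.users = set()    # known usernames
        self.sessions = {}    # session token -> owning username

    def add_user(self, username):
        self.users.add(username)

    def login(self, username, token):
        self.users.add(username)
        self.sessions[token] = username

    def delete_user_sessions(self, username, exclude=None):
        """Handle DELETE /user/{username}/session[?exclude={token}].

        Returns (status, removed_count). The response carries no body.
        """
        if username not in self.users:
            return 404, 0  # Not Found: the user does not exist

        doomed = []
        for token, owner in self.sessions.items():
            if owner != username:
                continue  # never touch another user's sessions
            # Spare the excluded token only when it is one of this user's
            # sessions; compare in constant time since tokens are secrets.
            if exclude is not None and hmac.compare_digest(
                token.encode(), exclude.encode()
            ):
                continue
            doomed.append(token)

        for token in doomed:
            del self.sessions[token]

        # An exclude value matching nothing is not an error: the call
        # behaves as if no exclude had been given.
        return 205, len(doomed)  # Reset Content
```

Because only the named user's tokens are ever considered, an `exclude` value that belongs to a different user neither protects one of the target user's sessions nor removes the other user's session.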