Hacker News

I remember back in the day you could embed <img src="http://someothersite.com/forum/ucp.php?mode=logout"> in your forum signature and screw with everyone's sessions across the web





Haha I remember that. The solution at the time for many forum admins was to simply state that anyone found to be doing that would be permabanned. Which was enough to make it stop completely, at least for the forums that I moderated. Different times indeed.

Or you could just make the logout route POST-only. Problem solved.
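The two logout behaviours discussed above, side by side, as an added example that is not part of the original thread or any real forum's code. The handler names, the `sid` cookie and the session store are assumptions made for illustration.

```python
# Added example: constructed WSGI handlers, not code from any real forum.
SESSIONS = {"abc123": "alice"}  # constructed session store: id -> user


def _session_id(environ):
    """Pull the 'sid' cookie value out of the request, or None."""
    for part in environ.get("HTTP_COOKIE", "").split(";"):
        name, _, value = part.strip().partition("=")
        if name == "sid":
            return value
    return None


def logout_get(environ, start_response):
    """'Before': any request to the route, including an <img> fetch, ends the session."""
    SESSIONS.pop(_session_id(environ), None)
    start_response("302 Found", [("Location", "/")])
    return [b""]


def logout_post_only(environ, start_response):
    """'After': state changes only on POST; an <img> fetch is always a GET."""
    if environ.get("REQUEST_METHOD") != "POST":
        start_response("405 Method Not Allowed", [("Allow", "POST")])
        return [b"logout requires POST\n"]
    SESSIONS.pop(_session_id(environ), None)
    start_response("303 See Other", [("Location", "/")])
    return [b""]


def call(app, method, cookie="sid=abc123"):
    """Drive a WSGI app with a minimal constructed environ; return the status line."""
    seen = {}
    environ = {"REQUEST_METHOD": method, "PATH_INFO": "/ucp.php",
               "QUERY_STRING": "mode=logout", "HTTP_COOKIE": cookie}
    app(environ, lambda status, headers: seen.update(status=status))
    return seen["status"]


if __name__ == "__main__":
    print(call(logout_get, "GET"), "abc123" in SESSIONS)
    SESSIONS["abc123"] = "alice"
    print(call(logout_post_only, "GET"), "abc123" in SESSIONS)
    print(call(logout_post_only, "POST"), "abc123" in SESSIONS)
```

The method check covers the `<img>` case specifically; a cross-site form can still submit a POST, so a CSRF token or `SameSite` session cookie is the usual companion control.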

<img src="C:\con\con"></img>

It's essentially the same, as many apps use an HTTP server + HTML client instead of something native or with another IPC.


