When you write ReST-style applications there are certain URLs which don’t respond to a GET. Browsers don’t know which verbs are allowed on a URL so they happily send GETs.
We’ve found that this mostly happens on paths such as /session. Users bookmark the login form after a failed login and keep visiting it. Unfortunately this means that they will see an error page every time they visit your application.
One solution is to help them out and redirect to the page they were expecting to see, for example: /session/new. Another solution is to route a GET on /session to the appropriate action.