From 9a5ea26777046ec518d16e6efcbbdac8bb6fd8d7 Mon Sep 17 00:00:00 2001
From: Roland Gruber
Date: Mon, 27 Feb 2017 19:25:47 +0100
Subject: [PATCH] changed logout to be more fault tolerant
---
 lam/lib/security.inc | 7 ++++++-
 lam/templates/logout.php | 11 ++++++-----
 2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/lam/lib/security.inc b/lam/lib/security.inc
index 5213ab8e..925098a1 100644
--- a/lam/lib/security.inc
+++ b/lam/lib/security.inc
@@ -79,7 +79,12 @@ function startSecureSession($redirectToLogin = true, $initSecureData = false) {
 if (! isset($_SESSION["sec_session_id"]) || ($_SESSION["sec_session_id"] != session_id())) {
 // session id is invalid
 logNewMessage(LOG_WARNING, "Invalid session ID, access denied (" . getClientIPForLogging() . ")");
- die();
+ if ($redirectToLogin) {
+ logoffAndBackToLoginPage();
+ }
+ else {
+ die();
+ }
 }
 // check if client IP has not changed
 if (!isset($_SESSION["sec_client_ip"]) || ($_SESSION["sec_client_ip"] != $_SERVER['REMOTE_ADDR'])) {
diff --git a/lam/templates/logout.php b/lam/templates/logout.php
index 70d3a993..876b228a 100644
--- a/lam/templates/logout.php
+++ b/lam/templates/logout.php
@@ -44,14 +44,15 @@ include_once("../lib/ldap.inc");
 // start session
 startSecureSession();
-enforceUserIsLoggedIn();
 // log message
-$ldapUser = $_SESSION['ldap']->decrypt_login();
-logNewMessage(LOG_NOTICE, 'User ' . $ldapUser[0] . ' logged off.');
+if (isset($_SESSION['loggedIn']) || ($_SESSION['loggedIn'] === true)) {
+ $ldapUser = $_SESSION['ldap']->decrypt_login();
+ logNewMessage(LOG_NOTICE, 'User ' . $ldapUser[0] . ' logged off.');
-// close LDAP connection
-@$_SESSION["ldap"]->destroy();
+ // close LDAP connection
+ @$_SESSION["ldap"]->destroy();
+}
 setlanguage();
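Review bot: The new `$redirectToLogin` branch in the invalid-session-ID check stays fail-closed only if `logoffAndBackToLoginPage()` ends the request, and that helper's body is not visible in this hunk. The `die()` it replaces was unconditional; if the helper ever returns, execution continues into the client IP check and the rest of `startSecureSession()` with a session whose `sec_session_id` did not match. I would keep the stop explicit with `logoffAndBackToLoginPage(); die();`, or, once the helper's behaviour is confirmed, add a comment such as `// logoffAndBackToLoginPage() destroys the session and exits`. The function body begins and continues outside the hunk.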
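Review bot: The guard `isset($_SESSION['loggedIn']) || ($_SESSION['loggedIn'] === true)` in logout.php uses `||` where `&&` is needed. With the key unset, the right-hand side still reads `$_SESSION['loggedIn']` and raises an undefined-index notice; with the key set to anything other than `true` (for example `false`), `isset()` short-circuits and the block runs, so `$_SESSION['ldap']->decrypt_login()` is called for a session that is not logged in, presumably the case the removed `enforceUserIsLoggedIn()` call covered. Suggested line: `if (isset($_SESSION['loggedIn']) && ($_SESSION['loggedIn'] === true)) {`. Adding `isset($_SESSION['ldap'])` to the same condition would also cover a session that carries the flag but no LDAP object, instead of relying on the `@` in front of `destroy()`.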