changed logout to be more fault tolerant

lam/lib/security.inc

@@ -79,8 +79,13 @@ function startSecureSession($redirectToLogin = true, $initSecureData = false) {
 	if (! isset($_SESSION["sec_session_id"]) || ($_SESSION["sec_session_id"] != session_id())) {
 		// session id is invalid
 		logNewMessage(LOG_WARNING, "Invalid session ID, access denied (" . getClientIPForLogging() . ")");
+		if ($redirectToLogin) {
+			logoffAndBackToLoginPage();
+		}
+		else {
 			die();
 		}
+	}
 	// check if client IP has not changed
 	if (!isset($_SESSION["sec_client_ip"]) || ($_SESSION["sec_client_ip"] != $_SERVER['REMOTE_ADDR'])) {
 		// IP is invalid

lam/templates/logout.php

@@ -44,14 +44,15 @@ include_once("../lib/ldap.inc");
 
 // start session
 startSecureSession();
-enforceUserIsLoggedIn();
 
 // log message
+if (isset($_SESSION['loggedIn']) || ($_SESSION['loggedIn'] === true)) {
 	$ldapUser = $_SESSION['ldap']->decrypt_login();
 	logNewMessage(LOG_NOTICE, 'User ' . $ldapUser[0] . ' logged off.');
 
 	// close LDAP connection
 	@$_SESSION["ldap"]->destroy();
+}
 
 setlanguage();