MDL-9824 do not use sesskey check when user already logged out in logout.php; merged...

diff --git a/login/logout.php b/login/logout.php
index 2d8c0e5ac49df990e3715ec75b25889c6e1d9345..0d9e4842c6b00fb211558c6c15c0f7873fb506f2 100644 (file)
--- a/login/logout.php
+++ b/login/logout.php
@@ -8,7 +8,12 @@
 
     $sesskey = optional_param('sesskey', '__notpresent__', PARAM_RAW); // we want not null default to prevent required sesskey warning
 
-    if (!confirm_sesskey($sesskey)) {
+    if (!isloggedin()) {
+        // no confirmation, user has already logged out
+        require_logout();
+        redirect($redirect);
+
+    } else if (!confirm_sesskey($sesskey)) {
         print_header($SITE->fullname, $SITE->fullname, 'home');
         notice_yesno(get_string('logoutconfirm'), 'logout.php', $CFG->wwwroot.'/', array('sesskey'=>sesskey()), null, 'post', 'get');
         print_footer();