Don't want to open another topic, so I'll put it here.
From Auth.controller.php:
elseif (!empty($_SESSION['logout_url']) && (strpos('http://', $_SESSION['logout_url']) === false && strpos('https://', $_SESSION['logout_url']) === false))
headscratch
shouldn't be:
strpos($_SESSION['logout_url'], 'http://')
and
strpos($_SESSION['logout_url'], 'https://')