If the $shib_AssertionConsumerServiceURL wasn't set or it was empty, the variable
didn't initialized properly when we assembled the logout url.

Fix bug: in a previous commit (82e34a0a), $shib_WAYF unintendedly replaced
when we assembled the login URL so the configuration variable had no effect
(credits to @scolytus, thanks!)

After upgraded to PHP 5.4 the extension broke with fatal error, I think caused by this: http://www.php.net/manual/en/language.references.pass.php

bugfix: force logout if there is only MW session user: prevent incostintent state when there's no Shib session