--- ResponseHandler.pm.orig	2008-03-05 15:28:08.000000000 +0100
+++ ResponseHandler.pm	2008-03-05 15:36:46.000000000 +0100
@@ -739,6 +739,17 @@
 		session(\%session, undef, $id);
 		$id = $session{_session_id};
 	}
+	my $app = get_app($log, $session{site}, $dbh, $session{iface} ) if ($session{site});
+
+        if (!$sso_session->{$app->{auth}} and $r->unparsed_uri =~ /vulture_app/) {
+                $r->status(200);
+                $r->content_type('text/html');
+                $r->print(auth_form($r, $app, $dbh, $id, 1, $session_referer{_session_id}));
+                return Apache2::Const::OK;
+        }
+	return Apache2::Const::OK if !$app->{auth};
+	return Apache2::Const::FORBIDDEN if (!$app);
+
 	if ($id_portail = param('Vulture_portail')) {
 		session(\%session_referer, undef, $id_portail);
 	}
@@ -759,11 +770,6 @@
 	}
 
 	# Getting all information about the application we come from
-	my $app = get_app($log, $session{site}, $dbh, $session{iface} ) if ($session{site});
-
-	return Apache2::Const::FORBIDDEN if (!$app);
-
-	return Apache2::Const::OK if !$app->{auth};
 
 	my ($is_one_time_password, $ask_pin) = one_time_password($dbh, $app);
 
@@ -906,10 +912,12 @@
 	my ($is_ssl, $sso_portal, $port) = $dbh->selectrow_array($query, undef, $r->dir_config('VultureID'));
 	my $path = $r->dir_config('VulturePath');
 
-	my ($vulture_proxy) = get_cookie($r->headers_in->{Cookie}, 'vulture_proxy=([^;]*)') if ($r->unparsed_uri !~ /vulture_logout/);
+	my ($vulture_proxy) = get_cookie($r->headers_in->{Cookie}, 'vulture_proxy=([^;]*)');
 	my %sso_session;
 	session(\%sso_session, undef, $vulture_proxy);
-	$log->debug(Dumper \%sso_session);
+	if ($r->unparsed_uri =~ /vulture_logout/) {
+                tied(%sso_session)->delete();
+        }
 	my %session_referer;
 	if (defined($r->headers_in->{'Vulture_portail'}) or $r->unparsed_uri =~ /&vulture_portail=(.*)/ or param('Vulture_portail')) {
 			$log->debug($1);
@@ -956,9 +964,15 @@
 		}
 
 		my %session;
-		my ($cookie_id) = get_cookie($r->headers_in->{Cookie}, 'vulture_app=([^;]*)') if ($r->unparsed_uri !~ /vulture_logout/);
+		my ($cookie_id) = get_cookie($r->headers_in->{Cookie}, 'vulture_app=([^;]*)');
 		session(\%session, $app->{timeout}, $cookie_id);
-
+		if ($r->unparsed_uri =~ /vulture_logout/) {
+                        $r->status(200);
+                        $r->content_type('text/html');
+                        $r->print(get_redirect($session{proto}."://".$sso_portal. ":". $port . "/?vulture_logout&vulture_app=".  $session{_session_id}));
+                        tied(%session)->delete();
+                        return Apache2::Const::OK;
+                }
 		if ($session{reponse}) {                #Si le POST renvoie quelque chose
                         my $contenu= $session{reponse};
                         my $code = $contenu->code;