[logout] verify referer into logout process
When handler intercepts logout URL (which is directly write by hand in a internet browser), handler redirects it to the portal.
The URL is the form of "http://auth.example.com/url=base64(url)".
There is no Referer header into the HTTP request when user goes to the portal. An error is produced: "Bad URL".