Destroy session when invalid, use more compatible js path

data/web/inc/lib/vendor/owasp/csrf-protector-php/libs/config.php

@@ -39,9 +39,9 @@ return array(
 	"customErrorMessage" => "",
 	"jsPath" => "../js/csrfprotector.js",
   // Fetching IS_HTTPS from sessions handler
-	"jsUrl" => get_trusted_hostname(),
+	"jsUrl" => "/inc/lib/vendor/owasp/csrf-protector-php/js/csrfprotector.js",
 	"tokenLength" => 10,
 	"secureCookie" => false,
 	"disabledJavascriptMessage" => "",
 	 "verifyGetFor" => array()
-);
+);

data/web/inc/sessions.inc.php

@@ -54,5 +54,9 @@ function session_check() {
   return true;
 }
 if (isset($_SESSION['mailcow_cc_role']) && session_check() === false) {
-  exit("Invalid session");
+  session_regenerate_id(true);
+  session_unset();
+  session_destroy();
+  session_write_close();
+  header("Location: /");
 }