diff --git a/include/baseTheme.php b/include/baseTheme.php
index 5e358ee30c..ebb825c96f 100644
--- a/include/baseTheme.php
+++ b/include/baseTheme.php
@@ -138,7 +138,7 @@ function get_theme_class($class) {
     }
 
     $t->set_var('LANG', $language);
-    $t->set_var('ECLASS_VERSION', ECLASS_VERSION);
+    $t->set_var('ECLASS_VERSION', CACHE_SUFFIX);
 
     if (!$is_embedonce) {
         // Remove search if not enabled
@@ -263,6 +263,7 @@ function get_theme_class($class) {
         $t->set_var('STATS_LINK', $urlAppend . 'modules/usage/?t=u');
         $t->set_var('LANG_LOGOUT', q($langLogout));
         $t->set_var('LOGOUT_LINK', $urlAppend . 'modules/auth/logout.php');
+        $t->set_var('CSRF_TOKEN', $_SESSION['csrf_token']);
         $t->set_var('MY_COURSES', q($GLOBALS['langMyCoursesSide']));
         $t->set_var('MY_MESSAGES', q($GLOBALS['langNewMyMessagesSide']));
         $t->set_var('LANG_ANNOUNCEMENTS', q($GLOBALS['langMyAnnouncements']));
diff --git a/main/toolbox.php b/main/toolbox.php
index e6f18234d3..9e047007ef 100644
--- a/main/toolbox.php
+++ b/main/toolbox.php
@@ -114,8 +114,10 @@
 }
 $t->set_var('langSelectFromMenu', js_escape($langSelectFromMenu));
 if ($uid) {
-    $t->set_var('loginLogout', q($_SESSION['givenname'] . ' ' . $_SESSION['surname']) .
-        " &nbsp; <a href='{$urlAppend}modules/auth/logout.php'>$langLogout</a>");
+    $t->set_var('loginLogout', "<form method='post' action='{$urlAppend}modules/auth/logout.php'>
+        <input type='hidden' name='token' value='$_SESSION[csrf_token]'>" .
+        q($_SESSION['givenname'] . ' ' . $_SESSION['surname']) .
+        " &nbsp; <a class='logout-button' href='{$urlAppend}modules/auth/logout.php'>$langLogout</a></form>");
     $t->set_block('main', 'loginModalsBlock', 'delete');
 } else {
     $t->set_var('loginModal', 'loginModal');
diff --git a/modules/auth/logout.php b/modules/auth/logout.php
index f29984364c..52dc894258 100644
--- a/modules/auth/logout.php
+++ b/modules/auth/logout.php
@@ -31,7 +31,7 @@
 require_once 'modules/auth/auth.inc.php';
 require_once 'modules/auth/methods/hybridauth/config.php';
 
-if ($uid) {
+if ($uid and isset($_POST['token']) and validate_csrf_token($_POST['token'])) {
     $login_method = $session->getLoginMethod();
     Database::get()->query("INSERT INTO loginout (loginout.id_user,
                 loginout.ip, loginout.when, loginout.action)
@@ -62,6 +62,15 @@
         phpCAS::client(SAML_VERSION_1_1, $cas['cas_host'], intval($cas['cas_port']), $cas['cas_context'], FALSE);
         phpCAS::logoutWithRedirectService($urlServer);
     }
+} elseif ($uid) {
+    $pageName = $langLogout;
+    $tool_content = "
+        <form method='post' action='logout.php'>
+            <input type='hidden' name='token' value='$_SESSION[csrf_token]'>
+            <input type='submit' name='submit' value='$langLogout'>
+        </form>";
+    draw_popup();
+    exit;
 }
 
 redirect_to_home_page();
diff --git a/template/default/js/main.js b/template/default/js/main.js
index 1036e5e9a2..27f519e2d4 100644
--- a/template/default/js/main.js
+++ b/template/default/js/main.js
@@ -202,20 +202,20 @@ $(document).ready(function () {
             { hide: $(this).data('state') },
             function () { location.reload(); });
     });
-    
+
     // External Apps activate/deactivate button
     $('.extapp-status').on('click', function () {
         var url = window.location.href;
         var button = $(this).children('i');
         var state = button.hasClass('fa-toggle-on') ? "fa-toggle-on" : "fa-toggle-off";
         var appName = button.parent('button').attr('data-app');
-        
+
         button.removeClass(state).addClass('fa-spinner fa-spin');
-        
+
         $.post( url,
                 {state: state,
                  appName: appName},
-                function (data) {           
+                function (data) {
                     var newState = (data === "0")? "fa-toggle-off":"fa-toggle-on";
                     button.removeClass('fa-spinner fa-spin').addClass(newState);
                     btnColorState = button.parent('button').hasClass('btn-success')?'btn-success':'btn-danger';
@@ -223,7 +223,7 @@ $(document).ready(function () {
                     button.parent('button').removeClass(btnColorState).addClass(newBtnColorState);
                 });
     });
-    
+
     // deactivate om + webconf button when bbb button is enabled
     $('.bbb-status').on('click', function () {
         var url = window.location.href;
@@ -234,15 +234,15 @@ $(document).ready(function () {
         var om_state = om_button.hasClass('fa-toggle-on') ? "fa-toggle-on" : "fa-toggle-off";
         var webconf_state = webconf_button.hasClass('fa-toggle-on') ? "fa-toggle-on" : "fa-toggle-off";
         var appName = button.parent('button').attr('data-app');
-        
+
         button.removeClass(state).addClass('fa-spinner fa-spin');
-        
+
         $.post( url,
                 {state: state,
                  appName: appName},
-                function (data) {                    
+                function (data) {
                     if (data === "0") {
-                        newState = "fa-toggle-off";                        
+                        newState = "fa-toggle-off";
                     } else {
                         newState = "fa-toggle-on";
                         if (om_state === 'fa-toggle-on') {
@@ -260,13 +260,13 @@ $(document).ready(function () {
                            webconf_button.parent('button').removeClass(webconf_btnColorState).addClass(webconf_newBtnColorState);
                         }
                     }
-                    button.removeClass('fa-spinner fa-spin').addClass(newState);                    
-                    btnColorState = button.parent('button').hasClass('btn-success')?'btn-success':'btn-danger';                    
-                    newBtnColorState = button.parent('button').hasClass('btn-success')?'btn-danger':'btn-success';                    
-                    button.parent('button').removeClass(btnColorState).addClass(newBtnColorState);                    
+                    button.removeClass('fa-spinner fa-spin').addClass(newState);
+                    btnColorState = button.parent('button').hasClass('btn-success')?'btn-success':'btn-danger';
+                    newBtnColorState = button.parent('button').hasClass('btn-success')?'btn-danger':'btn-success';
+                    button.parent('button').removeClass(btnColorState).addClass(newBtnColorState);
                 });
     });
-    
+
     // deactivate bbb + webconf button when om button is enabled
     $('.om-status').on('click', function () {
         var url = window.location.href;
@@ -277,15 +277,15 @@ $(document).ready(function () {
         var bbb_state = bbb_button.hasClass('fa-toggle-on') ? "fa-toggle-on" : "fa-toggle-off";
         var webconf_state = webconf_button.hasClass('fa-toggle-on') ? "fa-toggle-on" : "fa-toggle-off";
         var appName = button.parent('button').attr('data-app');
-        
+
         button.removeClass(state).addClass('fa-spinner fa-spin');
-        
+
         $.post( url,
                 {state: state,
                  appName: appName},
-                function (data) {                    
+                function (data) {
                     if (data === "0") {
-                        newState = "fa-toggle-off";                        
+                        newState = "fa-toggle-off";
                     } else {
                         newState = "fa-toggle-on";
                         if (bbb_state === 'fa-toggle-on') {
@@ -302,14 +302,14 @@ $(document).ready(function () {
                            webconf_newBtnColorState = webconf_button.parent('button').hasClass('btn-success')?'btn-danger':'btn-success';
                            webconf_button.parent('button').removeClass(webconf_btnColorState).addClass(webconf_newBtnColorState);
                         }
-                    }                    
-                    button.removeClass('fa-spinner fa-spin').addClass(newState);                    
-                    btnColorState = button.parent('button').hasClass('btn-success')?'btn-success':'btn-danger';                    
-                    newBtnColorState = button.parent('button').hasClass('btn-success')?'btn-danger':'btn-success';                    
-                    button.parent('button').removeClass(btnColorState).addClass(newBtnColorState);                    
+                    }
+                    button.removeClass('fa-spinner fa-spin').addClass(newState);
+                    btnColorState = button.parent('button').hasClass('btn-success')?'btn-success':'btn-danger';
+                    newBtnColorState = button.parent('button').hasClass('btn-success')?'btn-danger':'btn-success';
+                    button.parent('button').removeClass(btnColorState).addClass(newBtnColorState);
                 });
     });
-    
+
     // deactivate bbb + om button when webconf button is enabled
     $('.webconf-status').on('click', function () {
         var url = window.location.href;
@@ -320,15 +320,15 @@ $(document).ready(function () {
         var bbb_state = bbb_button.hasClass('fa-toggle-on') ? "fa-toggle-on" : "fa-toggle-off";
         var om_state = om_button.hasClass('fa-toggle-on') ? "fa-toggle-on" : "fa-toggle-off";
         var appName = button.parent('button').attr('data-app');
-        
+
         button.removeClass(state).addClass('fa-spinner fa-spin');
-        
+
         $.post( url,
                 {state: state,
                  appName: appName},
-                function (data) {                    
+                function (data) {
                     if (data === "0") {
-                        newState = "fa-toggle-off";                        
+                        newState = "fa-toggle-off";
                     } else {
                         newState = "fa-toggle-on";
                         if (bbb_state === 'fa-toggle-on') {
@@ -352,7 +352,7 @@ $(document).ready(function () {
                     button.parent('button').removeClass(btnColorState).addClass(newBtnColorState);
                 });
     });
-                
+
 
     // Leftnav - rotate Category Menu Item icon
     if ($(".collapse.in").length > 0) { //when page first loads the show.bs.collapse event is not triggered
@@ -406,7 +406,6 @@ $(document).ready(function () {
         var contentHeight = $("#Frame").height();
 
 
-
         $("#innerpanel-container").slimScroll({height: '215px'});
         $("#collapseMessages ul.sidebar-mymessages").slimScroll({height: '215px'});
 
@@ -416,6 +415,10 @@ $(document).ready(function () {
         $("#Frame").css({"min-height": initialHeight});
         $("#sidebar").css({"min-height": initialHeight + margin_offset});
 
+        $('.logout-button').click(function (e) {
+            e.preventDefault();
+            $(this).parent('form').submit();
+        });
 
         // Right Side toggle menu animation
         $('#toggle-sidebar').click(function () {
diff --git a/template/default/theme.html b/template/default/theme.html
index e9ea10ad80..2942c1b7a1 100644
--- a/template/default/theme.html
+++ b/template/default/theme.html
@@ -155,7 +155,10 @@
                                     </li>
                                     <!-- END UserMenuBlock -->
                                     <li role="presentation" style="border-top: 1px solid #ddd">
-                                        <a role="menuitem" tabindex="-1" href="{%LOGOUT_LINK%}"><span class="fa fa-unlock fa-fw"></span>{%LANG_LOGOUT%}</a>
+                                        <form method='post' action='{%LOGOUT_LINK%}'>
+                                            <input type='hidden' name='token' value='{%CSRF_TOKEN%}'>
+                                            <a class='logout-button' role="menuitem" tabindex="-1" href="{%LOGOUT_LINK%}"><span class="fa fa-unlock fa-fw"></span>{%LANG_LOGOUT%}</a>
+                                        </form>
                                     </li>
                                 </ul>
                             </li>
diff --git a/template/default/toolbox/toolbox.html b/template/default/toolbox/toolbox.html
index abb05e1ea8..4748db3726 100644
--- a/template/default/toolbox/toolbox.html
+++ b/template/default/toolbox/toolbox.html
@@ -13,30 +13,6 @@
     <script src="{%template_base%}/js/bootstrap.min.js"></script>
     {%EXTRA_CSS%}
     {%HEAD_EXTRAS%}
-    <script>
-        $(document).ready(function () {
-            $(".loginModal").click(function () {
-                $('#registerModalContent').modal('hide');
-                $("#lostPassModalContent").modal('hide');
-                $("#loginModalContent").modal();
-            });
-            $(".registerModal").click(function () {
-                $('#loginModalContent').modal('hide');
-                $("#lostPassModalContent").modal('hide');
-                $("#registerModalContent").modal();
-            });
-            $(".lost-pass-link").click(function (e) {
-                e.preventDefault();
-                $('#registerModalContent').modal('hide');
-                $('#loginModalContent').modal('hide');
-                $("#lostPassModalContent").modal();
-            });
-            $("select").select2({
-                theme: "bootstrap",
-                placeholder: "{%langSelectFromMenu%}"
-            });
-        });
-    </script>
 
     <!-- Favicon for various devices -->
     <link rel="shortcut icon" href="{%FAVICON_PATH%}" />
@@ -326,6 +302,34 @@ <h4 class="modal-title" id="lostPassModalLabel">{%langRemindPass%}</h4>
     </div>
 </div>
 <!-- END loginModalsBlock -->
+<script>
+    $(document).ready(function () {
+        $('.loginModal').click(function () {
+            $('#registerModalContent').modal('hide');
+            $('#lostPassModalContent').modal('hide');
+            $('#loginModalContent').modal();
+        });
+        $('.registerModal').click(function () {
+            $('#loginModalContent').modal('hide');
+            $('#lostPassModalContent').modal('hide');
+            $('#registerModalContent').modal();
+        });
+        $('.lost-pass-link').click(function (e) {
+            e.preventDefault();
+            $('#registerModalContent').modal('hide');
+            $('#loginModalContent').modal('hide');
+            $('#lostPassModalContent').modal();
+        });
+        $('select').select2({
+            theme: 'bootstrap',
+            placeholder: '{%langSelectFromMenu%}'
+        });
+        $('.logout-button').click(function (e) {
+            e.preventDefault();
+            $(this).parent('form').submit();
+        });
+    });
+</script>
 {%HTML_FOOTER%}
 </body>
 </html>