autologin: Fix externally-authenticated users still being authenticated after external authentication is disabled

The if condition for revoking authentication if the username changed relied on having the `$_SERVER' variable set which was used for authentication.
Authentication is now revoked if the username changed or external authentication is no longer in effect.

refs #6462

library/Icinga/Authentication/Manager.php

@@ -113,24 +113,26 @@ class Manager
     }
 
     /**
-     * Tries to authenticate the user with the current session
+     * Try to authenticate the user with the current session
+     *
+     * Authentication for externally-authenticated users will be revoked if the username changed or external
+     * authentication is no longer in effect
      */
     public function authenticateFromSession()
     {
         $this->user = Session::getSession()->get('user');
-
         if ($this->user !== null && $this->user->isRemoteUser() === true) {
             list($originUsername, $field) = $this->user->getRemoteUserInformation();
-            if (array_key_exists($field, $_SERVER) && $_SERVER[$field] !== $originUsername) {
+            if (! array_key_exists($field, $_SERVER) || $_SERVER[$field] !== $originUsername) {
                 $this->removeAuthorization();
             }
         }
     }
 
     /**
-     * Returns true when the user is currently authenticated
+     * Whether the user is authenticated
      *
-     * @param  Boolean  $ignoreSession  Set to true to prevent authentication by session
+     * @param  bool $ignoreSession True to prevent session authentication
      *
      * @return bool
      */