Server returns BadSessionNotActivated when closing a not activated session

[jonasgreen88]

Description

This issue was discovered by a client developer during the OPC IOP Workshop when he failed to active the session due to wrong username/password.
The OPC UA Specification Part 4 (1.04), chapter 5.6.4, says:

When the CloseSession Service is called before the Session is successfully activated, the Server shall reject the request if the SecureChannel is not the same as the one associated with the CreateSession request.

So I think in other cases the CloseSessionRequest shall be processed with good result, even if it has not been activated.

Also, if the authenticationToken of the of the CloseSessionRequest doesn't match the session of the currently used secure channel the stack calls the function getSessionByToken(). According to the specification the CloseSessionRequest should be rejected in this case.

Background Information / Reproduction Steps

Create a session and the close it without activating it first.

Checklist

Please provide the following information:

• open62541 Version (release number or git tag): cce2d62
• Other OPC UA SDKs used (client or server):
• Operating system:
• Logs (with UA_LOGLEVEL set as low as necessary) attached
• Wireshark network dump attached
• Self-contained code example attached
• Critical issue