When a user explicitly logs out of OpenSSO Enterprise by clicking on a link to the Logout Service the following events occur:
The Logout Service receives the Logout request, and:
Marks the user’s session as destroyed.
Destroys the session.
Returns a successful logout page to the user.
The Session Service notifies applications which are configured to interact with the session. In this case, each of the policy agents was configured for Session Notification, and each is sent a document instructing the agent that the session is now invalid.
The policy agents flush the session from the cache and the user session ends.