Closing the browser window after sign-off is always recommended, for security. Cookie time-out occurs when the overall user session is controlled by ObSSOCookie. Consider the following use-case:
FedAuth cookie time-out and ObSSOCookie is still valid: The user won't be challenged again because the ObSSOCookie is present. A new FedAuth cookie is generated (using the same flow described earlier).
ObSSOCookie time-out and FedAuth Cookie is still valid: Since each request is intercepted by the WebGate, the user is challenged for credentials again.
Access Manager provides single logout (also known as global or centralized log out) for user sessions. With Access Manager, single logout refers to the process of terminating an active user session.
This topic describes how to configure single sign-off for integration with SharePoint. Single sign-off kills the user session.
You can configure a custom logout URL in SharePoint Server.
To configure: