- Note that HTML is stateless, the page only knows the server status (e.g. user to be logged out) when you reload the page or load another page. The server cannot log user out itself if the user stays on the client side.
- You better enable Disallow concurrent login also so the user cannot login from another browser.