That is a limitation of the deployment method you are using. There have been attempts to try and make a "logout" button, but I believe they have typically failed or never worked completely.
The authentication session can be destroyed by setting the user name to some predefined value like "-".
1. Try to authenticate user. Action: continue.
2. If user name is "-" and URL is logout page, e.g. http://logout then Action: Block with custom logout template.
3. If user is not authenticated or URL is logout page then Action: Authenticate.

Authentication server logic:
1. If URL.Redirect is logout page:
   Set Authentication.IsAuthenticated to true
   Set Authentication.UserName to "-"
   Action: Redirect back from authentication server
2. Do normal authentication with login page/proxy auth.

User1 accesses http://logout before he leaves; as a result his session is overwritten and the user name is set to "-". When User2 calls any URL, the proxy detects the invalid session and forces authentication.
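
The rule flow described above, modelled in Python as an added example (not part of the original post and not the proxy's own rule syntax). The names `proxy`, `auth_server` and `sessions` are hypothetical; it assumes the session is keyed by a client identifier, that "-" counts as unauthenticated for any URL other than the logout page, and it omits the credential check.

```python
LOGOUT_URL = "http://logout"   # logout page URL from the post
SENTINEL = "-"                 # predefined "logged out" user name from the post

# Assumption: the authentication session is keyed by a client identifier (e.g. IP).
sessions = {}

def auth_server(client, redirect_url, login=None):
    """Authentication server logic (rules 1 and 2); returns the redirect target."""
    if redirect_url == LOGOUT_URL:
        # Rule 1: IsAuthenticated = true, UserName = "-", redirect back.
        sessions[client] = SENTINEL
    elif login is not None:
        # Rule 2: normal authentication (credential check omitted in this sketch).
        sessions[client] = login
    return redirect_url

def proxy(client, url, login=None, _hops=0):
    """Proxy rules 1-3; returns (action, user name seen by the proxy)."""
    user = sessions.get(client)                    # rule 1: try to authenticate
    if user == SENTINEL and url == LOGOUT_URL:     # rule 2: block with logout template
        return ("block:logout-template", user)
    # Assumption: the sentinel user name is treated as an invalid session.
    valid = user is not None and user != SENTINEL
    if not valid or url == LOGOUT_URL:             # rule 3: authenticate
        no_credentials = login is None and url != LOGOUT_URL
        if _hops or no_credentials:                # _hops guards against redirect loops
            return ("authenticate:login-page", user)
        return proxy(client, auth_server(client, url, login), None, _hops + 1)
    return ("allow", user)

if __name__ == "__main__":
    pc = "10.0.0.5"                                # constructed shared workstation address
    site = "http://example.test/"                  # constructed destination URL
    print(proxy(pc, site, login="user1"))          # User1 logs in
    print(proxy(pc, LOGOUT_URL))                   # User1 visits the logout page
    print(proxy(pc, site))                         # User2 is forced to authenticate
    print(proxy(pc, site, login="user2"))          # User2 logs in with own credentials
```

The logout request passes through rule 3 once to overwrite the session and is blocked with the logout template only on the redirect back, which is why rule 3 includes the "URL is logout page" condition.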