Cosign-protected websites should have a logout link or button which invokes a local action on that website. Besides doing any clean-up for your application, it should:
- Have the browser destroy your website’s Cosign service cookie.
- Redirect the browser to the WebAccess logout page.
(You cannot force the termination of the actual login session.)
The URL is WebAccess logout. Samples of logout scripts at this UPenn site can be used if the logout URLwithin them is changed to the one above. For Apache http, the mod_cosign source code also has examples in the