There was a method I used a few years back that was similar to "HttpSession.invalidate()". The difference was that it destroyed all sessions in the user's browser, not just for my site. Maybe clearing their cache? Anyone remember this method??
These are not the droids you are looking for. Perhaps I can interest you in a tiny ad?