How hard would it be to have a hidden parameter
that specifies the lock file for the session,
and the logout button deletes that file.
Each page would check for existance of that file before access.
What's in the file? A time stamp.
If the file is there, but the timer is expired,
it gets deleted and the requested page is not displayed.
I'd be interested to hear more about sessions.