In one of our applications, we are trying to open the kibana dashboard (v7.10.0), in another tab. The kibana app is loading properly. However, when we are trying to logout from the Kibana, the request (/kibanaui/auth/logout) is returning as 404. And we could see an error in browser console.
I believe, because of the error 404, the response doesn’t have desired headers which are required to remove cookies & stuff. Therefore the session is still retained.
I’m guessing that you are using OIDC or SAML, are you? What methods are you using for authentication? If you are using federated login/SSO methods, they usually works poorly when it comes to log out. AFAIK both SAML and OIDC does not have strictly defined method for how logouts should works.
For example OIDC have a opendistro_security.openid.logout_url variable that can be set but it depends on your SSO provider how the logout works. I have not used SAML in ODFES but there is a sp.forceAuthn that might be useful.