I am using FORM authentication, together with Realm. I would like to know how can I log out.
The only solution so far is to close browser, but that's not acceptable from the usability standpoint.
As pointed by the accepted answer
((HttpServletRequest) request).getSession().invalidate();
Most forms of authentication use a cookie on the browser to track the session, so you only need to delete that cookie. The Firefox plugin Web Developer can give you a list of cookies for the current domain.
Most likely, invalidating the session (HttpSession's "invalidate()" command) will log out the user -- when you close the browser, you're doing the equivalent.