Verify that all pages that require authentication have easy and visible access to logout functionality.
Check that the application provides a logout button and that this
button is present and well visible on all pages that require
authentication. A logout button that is not clearly visible, or that
is present only on certain pages, poses a security risk, as the user
might forget to use it at the end of his/her session.
Note that for larger applications it may be difficult to test all pages,
try to find different areas or application flows of the application and
check each one briefly.