Unless I'm missing something, logging out of a TWiki should delete the TWIKISID cookie. Also, shouldn't the cookie expire?
I've also had some of my twiki's refuse to let me log out, and most of the time, the only thing i can do to force it, is to delete the cgi_sess files.
That's probably because you are using ApacheLogin and your browser is cacheing REMOTE_USER, and not the cookie (which is only used for TemplateLogin).
Marking this to be merged, as I suspect it is the cause of a number of other problems I have seen in TWiki4.
Nopers, using templatelogin. Try again.
On reflection, and rereading the code, logout should not
delete the session cookie. It should
remove the authorised user from the session, however. See Item1820
for more on this.