I have used the MembershipUser API. On login we validate the user and set up FormsAuthentication:
FormsAuthentication.SetAuthCookie(username, false);
Now if the user does not log out and closes the browser directly, the FormsAuthentication.SignOut method is not called.
Because of this, when we reopen the website the user is already logged in.
Either configure the timeout value to an appropriate number or use cookieless forms authentication.
<system.web>
  <authentication mode="Forms">
    <!-- timeout (in minutes): tune this -->
    <!-- slidingExpiration: tune this -->
    <!-- cookieless: or turn off cookies with this attribute -->
    <forms loginUrl="Login.aspx"
           protection="All"
           timeout="30"
           name=".ASPXAUTH"
           path="/"
           requireSSL="false"
           slidingExpiration="true"
           defaultUrl="default.aspx"
           cookieless="UseDeviceProfile"
           enableCrossAppRedirects="false" />
  </authentication>
</system.web>
http://msdn.microsoft.com/en-us/library/ff647070.aspx#pagexplained0002_cookielessforms
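
How the timeout and slidingExpiration values in the configuration above decide whether a reopened browser is still logged in, as an added example that is not part of the original answer and is not ASP.NET's own code. It is a Python model that assumes the browser still presents the cookie on return and that the ticket is renewed only when more than half of the timeout has elapsed; the names Ticket and simulate are made up for the illustration.

```python
from dataclasses import dataclass


@dataclass
class Ticket:
    issued: float   # minutes since login
    expires: float  # minutes since login


def simulate(timeout, sliding, request_minutes):
    """Return [(minute, accepted)] for requests made after a login at minute 0.

    timeout and sliding stand for the timeout and slidingExpiration
    attributes of the <forms> element.
    """
    ticket = Ticket(issued=0.0, expires=float(timeout))
    results = []
    for now in sorted(request_minutes):
        if now > ticket.expires:
            # Ticket has expired: the user is sent back to the login page.
            results.append((now, False))
            continue
        elapsed = now - ticket.issued
        remaining = ticket.expires - now
        # Assumed renewal rule: a new ticket is issued only when more than
        # half of the timeout has already been used up.
        if sliding and elapsed > remaining:
            ticket = Ticket(issued=now, expires=now + timeout)
        results.append((now, True))
    return results


if __name__ == "__main__":
    # Constructed scenarios: request times in minutes after login.
    scenarios = [
        ("sliding, last click at 10, reopened at 35", 30, True, [10, 35]),
        ("sliding, last click at 20, reopened at 45", 30, True, [20, 45]),
        ("fixed,   last click at 20, reopened at 45", 30, False, [20, 45]),
        ("fixed,   short timeout 5, reopened at 10", 5, False, [2, 10]),
    ]
    for label, timeout, sliding, times in scenarios:
        print(label, "->", simulate(timeout, sliding, times))
```

Closing the browser sends nothing to the server, so in this model the only things that end the login are the ticket's expiry time or an explicit sign-out.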