On logout, logout from remote cross domain sites too
Logout from the portal clears the session cookie on the main domain (.example.com), but keeps the session cookie untouched on cross domain sites.
On a local handler, this is handled gracefully : access to a cross domain site with a deleted session triggers a redirect to the portal.
On a remote handler, the session is cached, and access is still possible after logout. This is true for the SOAP/REST session backend. I guess database backends like Redis or Mongo don't suffer from this.