Hi, Philip.
Session exists at the server, the only thing that ties you to a session are tokens (cookies, contents of local storage etc) browser keeps. So this is a two-fold problem. The safest way to end it would be to ensure the session at Gluu Server is ended (ideally, the sessions at RPs/SPs as well). This is done by following proper [logout sequence](https://gluu.org/docs/ce/3.1.2/operation/logout/)
The other approach is to clean all related tokens from user's browser. This won't kill actual session(s) at server, but those are usually designed to [end after some time](https://gluu.org/docs/ce/3.1.2/admin-guide/session/).
What you are asking is hardly related to Gluu Server itself, its more about what users' browsers may support (which are many, and represented by a multitude of versions). If you can find a way to achieve either of results mentioned above during browser's termination, for most of them, then you have your solution. That's not something we at Community Support may assist with.
>Can Session Timeouts help force my sites to logout and let the users login again?
Session timeouts are just timeouts, when time runs down for a user's session at Gluu, next time they'll be sent there by some SP/RP, they will have to re-authenticate, but that's about it. If setting lower timeouts may satisfy your needs, you should give it a try.