Bug: Inappropriately persistent BiblioWeb logins

Visitors to my site first access my BiblioWeb-hosted bibliographic database with a guest-login-name-and-password-containing URL. If they have a personal login name, they are likely to then click the "login" link I provide and authentic themselves to gain access to and modify their marked records. But the results [noted in brackets] of the following example sequence (which is available to you to test) has me worried about the security/certainty of each user's marked records:

1) Automatically access the database via account1 (http://library.centerforoceansolutions.org/bw_login2srch?edit_loginname=...)
2) View marked records to confirm there are none
3) Log into account2 (login name & password: account2)
4) View marked records to confirm there are none
5) Conduct a search and mark a record
6) View marked records to confirm the success of step 4
7) Log out of account2
8) Log back into account1 (login name & password: account1)
9) View marked records [observe that the record marked while logged into account2 also now appears marked in account1]
10) Unmark the marked record
11) Log out of account1
12) Log back into account2
13) View marked records [observe that the record marked while logged into account2 and unmarked while logged into account1 is now also unmarked in account2]

That the observed results do not occur if the user logs out of account1 before step 3 tells me the problem is that the automatic login persists when a user logs into another account. This explains why a selected record is marked in both accounts at the same time through a single action (step 5). Even though it may make technical sense, it is an undesirable behavior and I am wondering if there is a user-side solution or if you planned to create a fix. Also, that doesn't explain why, after logging out of account2 (step 7) and back into account1 (step 8) to unmark the record (step 10), the record also becomes unmarked in account2 (observed upon completion of step 13). A user's actions shouldn't have any effect on an account they had already exited, so I am wondering if there is a user-side solution to this inappropriate behavior or if you planned to create a fix.

Thanks,
Ben

Ben, the user session is not

Ben, the user session is not removed in the server immediatly after user log out. It is kept for about 15 minutes on the server. We are working on a new version of BiblioWeb from ground up and this problem will be fixed in the new version. Thanks, Paul