You are right but uncomplete. IMHO, you should first disconnect current user if connected.
Thus use a redirect : http://example.com/cgi-bin/koha/opac-main.pl?logout.x=1
I agree, but wanted to do further investigation. I wonder if users should be given the option of /not/ being logged out? For instance: if I'm signing in from home, I don't want to be logged out after inactivity. If it's a publicly-accessible computer I do. I was thinking maybe we need a little "Remember me" checkbox on the login form to control that behavior. For that matter, perhaps if "remember me" has been selected, should the page redirect at all? If I'm at home I probably don't want my search results page to disappear just because I got up to answer the phone or something. -- Owen