by sombremesa 4007 days ago
If they are automatically clicking these links you may be able to spoof an E-mail that looks similar to the password reset request but have the cancel link actually log them out.

Going to this URL logs you out on Gmail: https://accounts.google.com/Logout?service=mail&continue=htt...

This might not work, but it's probably worth a try.

1 comments

It did work for me when I clicked from here on HN!
Yes, and this can be done in a CSRF attack on a web page like superlogout.com (don't go there if you don't want to be logged out of 20+ websites).
This is nice :) Certainly helpful when using a public machine. Heck .. make that the homepage on browser-launch on public machines and guest accounts.
Wow, I'm surprised so many of these still work...
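
Added example, not part of the thread: the logout-by-link behaviour discussed above works when a logout endpoint changes session state on a plain GET, so any cross-site link, image or redirect can trigger it. The sketch below contrasts that with a handler that only ends the session for a same-origin POST carrying the session's CSRF token; the function names, the `https://app.example` origin and the session layout are assumptions made for illustration.

```python
import hmac
import secrets

TRUSTED_ORIGIN = "https://app.example"  # assumption: the site's own origin


def new_session(user):
    """Create a constructed session record with a per-session CSRF token."""
    return {"user": user, "csrf": secrets.token_urlsafe(32), "active": True}


def logout_weak(method, headers, form, session):
    """Ends the session on any request, including a cross-site GET."""
    session["active"] = False
    return 200


def logout_hardened(method, headers, form, session):
    """Ends the session only for a same-origin POST with the session's token."""
    if method != "POST":
        return 405  # a GET must never change session state
    # Browsers attach Origin to cross-site POSTs; reject a foreign one.
    # If the header is absent, the token check below is still required.
    origin = headers.get("Origin")
    if origin is not None and origin != TRUSTED_ORIGIN:
        return 403
    token = form.get("csrf", "")
    # Constant-time comparison against the token bound to this session.
    if not hmac.compare_digest(token.encode(), session["csrf"].encode()):
        return 403
    session["active"] = False
    return 200


if __name__ == "__main__":
    s = new_session("alice")  # constructed sample session
    print(logout_hardened("GET", {}, {}, s), s["active"])
    print(logout_hardened("POST", {"Origin": TRUSTED_ORIGIN}, {"csrf": s["csrf"]}, s), s["active"])
```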