I looked a little deeper.
- When I call the logoff service, the response header has the Set-Cookie header, setting the expiry date to the past.
- But when I refresh/reload the application, the browser sends the cookie without considering the old expiry date.
- Then I checked with the Fiori application. When I click on the Logout button, a pop-up comes up which says you have been logged out. If I reload the application without closing the browser, I see that the cookie is sent and logout does not happen.