In the User Registration Solution Pack there is a users logout page. On this page it does two things. The first thing it does is check to see if you are logged in, if you are not you will be redirected to the login page.
The next thing that this page does is clear out the session variables. It is the session variables that determine if you are logged in or not. If you are logged in you should have your userID held in a session variable. Your access rules should be based on the values of session variables.
Are you browsing to the users logout page? If so you should be logged out at this point. As a test of what is occurring after you visit this page you can print out the entire session by adding this code into the top of the pages you are testing this with:
After you go to the users logout page and visit any page with this code on it you should be able to see that there are no session values. If you see that there are session values present then they must be getting set from somewhere after you visit the users logout page, or they are not being deleted properly. Please post back with the results that you get so we can check on this some more.