on the logout page, add a restrict access behavior: webassist -> Security Assist -> Secure Page. Set it to grant access if "Logged into <your users table>" (where <your users table> is the name of your users table) and redirect to another page if access is denied.
makes sure the access page behavior code is after the clear session code on the logout page.