This has always been a problem and one I've asked about endlessly with no resolution. ThingWorx maintains current user login regardless of new login information coming in. e.g.
User 1 is logged in.
User 2 logs in from same browser.
Afterwards, User 1 is still logged in. User 2 login is entirely ignored.
It may be possible to write an authenticator to override the built in authenticators to detect and validate the new user login, log out the old session, and log in the new session, but, I don't really know if that is possible, as the authenticator might not even be called if a session is already alive. I would like to try it myself at some point.
Another option is to make a static HTML page as your front page, load it into the Tomcat/webapps/Thingworx/ folder. Then you can use form login, I think there are examples floating around for that. If you need content from services in ThWx, you can so your own REST calls using an appKey but WITHOUT setting x-thingworx-session=true, so that it never persists the login.
MAYBE you could have some custom widget that is on the landing mashup that reaches out to the logout endpoint after loading it,so that the next call will be unauthenticated. But that's ugly. Easier would be to wrap the mashup in HTML and do it there, then you don't need to make a widget, just make sure to fire that logout after the mashup is done loading.
But.... no good options that I am aware of.
One thing we've done to work around this is to write a html page that logs the current user out, and does a meta refresh to the Organization form login page. It's very a simple html page, let me know if you want to see it. But that does require you to have a link to the FormLogin page that takes a tad longer to load and also is a click away. Might be ok for your use case?
TW creates a session with "x-thingworx-session=true", the user need to logout. It's impossible to use a service to logout from ThingWorx 6, as Pai said in Organization Management.
A workaround would be the LogoutButton extension. There's a property "RedirectURL" which is bindable. The Organization form login link can be binded dinamycally. So, when the button is clicked, the current user logout and is redirected to his Organization form login page.