Invalidating a session depends entirely on what web service you use and what module for handling sessions, you need to be able to find where the session data is stored and set all session to expired (or depending on how you handle sessions, simply deleting them may work). Without a valid session with the server, the client should be set through the authentication process again.