Hi @dabashin140504 !
Here are my reaserch results:
Users stay logged in irregardless of Login Session Management settings because of an auth cookie stored in browser, that is set after a user logged in. With an access to this cookie - user stays logged in and a local session persist. (My colleague explained it well in this topic)
Looking at our docs, the exp claim in the ID token can be used to determine when an app have to call the /logout endpoint.
The exp claim refers to the ID Token Expiration value and can be set set here:
Auth0 tenant → Applications → your SPA app → Settings → Id token → ID Token Expiration.
Please let us know if you have some questions on this!