I think it depends what you want to achieve. This method just logout all users, or particular ones. But you should do something in your application. You should look at logout callback, to know where user is logged out. Or at every request, check if user logged in, if not, redirect to some authentication page. But I think, you should already have the same mehanizm.