Strange, normally when you click "log out", your current session should end immediately. Even if you chose "remember me" during login, this action would reset the login cookie. Yes it may be a browser issue, please check if you can duplicate the problem on another browser. If you can, then it should be a server issue, for example your server may be configured to modify outgoing headers and in this case it may be preventing resetting the cookie header.

Firstly we're using windows authentication, but other than that our web server should be stock and it's only used for FileVista.

 

When I visit our FileVista URL, an authentication box pops up (not the login.aspx page) and I login.  If I choose to log out, then try to revisit our FileVista URL hoping for a new authentication box I'm always logged right back in as the same user no login prompt, in every browser.

 

When I log out it takes me back to the login.aspx page, so if I try logging in from there IE 11 works, but Firefox, Chrome, and Edge do not. The non working browsers give a: (5) Access is denied error.

 

I suspect it's Windows authentication related since I can never get a new login box to pop up.

Yes, if you are using Windows Authentication then this is expected, it's not possible to logout from that because the browser caches the negotiation with the server. However there is a new feature and you can use it since you upgraded to the latest version. You can now import users directly from Active Directory or Windows accounts and users imported like this can login directly on the login.aspx page (no browser logon window will be shown). So you will be able to disable Windows Authentication and let your users login with the default login page instead like regular FileVista accounts and you will not have this "session maintained" problem anymore.

 

Currently there is no option in the UI to mark already added users to be elligle for this feature but you can execute this sql statement against your FileVista database in SQL Server to mark them:

 

UPDATE [User] SET [Type] = 1 WHERE [Name] <> 'admin'

That's interesting I'll do some testing.  All our users are local accounts for FileVista and currently to login we need to put the local machine in front of the username (i.e. Computer\Username) when using the login.aspx, I presume since it's windows authentication and all the usernames are set this way in the DB, like the actual username is "Computer\Username".  Would all the usernames need to be updated as well to remove the "Computer\" at the same time?