You can use the following solutions for this issue :
1. Implement Enhanced Session Assurance with DeviceDNA
Documentation: Enhanced Session Assurance with DeviceDNA
2. Use Persistent session/realms with a short Session Validation Period
For persistent sessions only, you can specify the time period that the Web Agent caches the result of a session validation call to the Policy Server.
Session validation calls perform two functions: informing the Policy Server that a user is still active and checking that the user session is still valid.
After a Logoff, the session is removed from the Session store, so if you attempt to replay a SMSESSION cookie after the validation Period,
the Web Agent will contact the Policy Server and find that the session is invalid and will reject the user session.