That is why you must rely on having a session timeout as your reliable mechanism to invalidate your session.
However there are cases that it is essential for you to know whether the client is still active or have navigated away (e.g. Webbased chat application). In such cases due to the statelessness of the HTTP protocol, you can make the browser continuesly poll the server to let the server know that he or she is still alive, but this may consume your network resources.
subject: How to do logout when browser closes in jsf