All, have learned that our issue was not so much the user was not logged off, as when new user signs on in portal, he is being signed in to back end system as original user.
I have been using a Generic Application Integrator iview, but according to SAP, I needed to use the Web Dynpro iview, and with details from note 1717945 and related notes, so that it will do a logoff notification to the back end systems.
I think this is also what will kill the SAP_SESSIONID_sysid_client cookie. Because if I clear that manually, problem is fixed as well.