> You cannot use an untrusted computer to reliably log out.
You could conceivably have a login sessions page and access it from a trusted computer to force logout of a session from an untrusted computer.
But it seems the bigger problem with login from a malicious computer is that the computer could do whatever it wants with your session while you're logged in, regardless of how securely you can logout later.
Yes. As soon as you use an untrusted computer, there is no telling what you are vulnerable to. But:
(1) people frequently (and rightly) do that anyway, so we might as well make it less bad.
(2) Building a trustworthy computer is largely about isolating different components in a way that hurts malware more than it does the user-experience. Sticking keys on a USB key is one instance of such isolation.
You could conceivably have a login sessions page and access it from a trusted computer to force logout of a session from an untrusted computer.
But it seems the bigger problem with login from a malicious computer is that the computer could do whatever it wants with your session while you're logged in, regardless of how securely you can logout later.