I see, but this sounds like a broken design. If you depend on the app to keep keys safe then how is this any better than just pasting your nsec there and hoping for the best? I think the full logout can only happen at the bunker side somehow.
I think it's a common action for a logout button to clear local session info - cookies, tokens, etc. The client might ask the server to destroy the token too if that's supported, but the client should act in the interest of the user and do its best to destroy the session info locally. Well, at least that's how I always thought about it.