I've tried invalidating httpsession with the help of refresh_token and client_Credentials the code returns 200 but user is still login in the browser and session is still active.
I've tried another way by using the LogoutAction and JWS, this also seems have no effect on session.
