That's definitely not user cache issue, if I had to guess it would be that whatever SSO cookie you're setting from the other system is getting picked up again after the user logs out... which means the user is getting logged back in. Could that be the case?
Yes, that was the case. It was setting a new token everytime the creatAuthToken was called. Thank you.