Drupal, by default, does not support automated logouts based on inactivity. Thankfully, there is the "Automated Logout" module, which allows granular control of automated logouts. And for browser exits, there is a value you can set in your settings.php file.

For a recent website, we configured the Automated Logout module to automatically logout users with the role of "admin" and "blogger" after 1 hour of inactivity has passed, and we enabled automatic browser refresh as well so that any user using the computer after the inactive time would not view authenticated content the previous user had been viewing.

In the configuration settings for Automated Logout, you can configure several items:

• Length of inactivity time, in seconds, before a user will automatically logged out
• Designate the user roles exclude or included from automated logout
• Enable browser refresh after inactive time has passed
• Enable "watchdog" logging for users who have been automatically logged out
• Block settings to notify users when they will be automatically logged out
• Restrict number of active sessions per user

If you want the user to be logged out when they exit their browser, one option is to set the session cookie lifetime to "0" in the settings.php file:

ini_set('session.cookie_lifetime',  0);

The module and the settings.php change work very well together in giving you the control you need over automated logouts.