I followed to the letter, every instruction in this post: Official Single-Sign-On for Discourse (sso) i.e. setup the sso login url, receive the payload and secret, verify the secret, create a url encoded base64 payload and hashed payload which was received on the forum and automatically logs on the user.
However, the user is not logged off the website when I log out of discourse as well as when the user session on the main site expires.