You are still logged in to your web app because the authentication information is stored in a cookie and your web app (or the .NET CAS client) does not check on every page request whether you're still logged in on the CAS server. The cookie is used for that until it expires.
So basically the CAS server has to have a Single Sign-Out page which logs out the user from all web applications using that CAS server, including yours. The CAS server has to be configured to call a Logout page in your web app, which in turn abandons the ASP.NET session and deletes the authentication cookie. The CasAuthentication.SingleSignOut()
method does this for you.