It depends on the website. Many websites do have the behavior you describe. But some will just delete your session cookie from your browser (without deleting it from the server) which would let the attacker keep using it.

That's why it's a perfect negative feedback system. Genius.

Looking at the distribution of responses, the Lake Wobegon Effect (http://en.wikipedia.org/wiki/Lake_Wobegon_effect) seems to be out in full force. :)