Someone not looking after their own security by leaving logged in sessions where other people can access them is indeed their fault.

Come on. This is a personal responsibility issue and nothing else.

There's more to it than just logging out. What if you don't want a subpoena to reflect your most visited profiles? There should be a way to purge any data kept longer than the routine access log cycle, including information on frequently viewed profiles.