The client is probably just caching the SSL session so that it doesn't have to re-authenticate the server's certificate on subsequent connection attempts. There really isn't a way you can force the client to clear its SSL session cache from the server, though you could also require client authentication, though then every client would need a certificate for your server to verify. You should verify, though, with Wireshark, netstat, lsof, etc. whether the client keeps its connection open to the server or not.
Thanks for the information. From what I can gather, when my client tries to make a second request with the server, they just agree to change the keys being used to encrypt the SSL session. By using client authentication I can at least know that whoever is holding onto the session is authorized to. Again, thanks for the information.