If you use MySQL to store sessions, emptying xf_session
or restarting MySQL (unless you have changed the Engine, by default it is Memory) will indeed logout all users.
If you also want to force users to really log in again even if they have a remeber cookie you will also have to empty table xf_user_remember
(or at least remove non-expired entries).
If you do not do this, users with remember cookies will be logged out as well but immediately start a new session again when they make the next request.
If you cache sessions outside of MySQL (Redis, Memcache) you would have to remove them from there as well.