Sadly, no. I ended up going with cookie invalidation by running OpenDocument and the web application via the same load balancer, but using different paths for each.
E.g. this code in the web application which forwards users to OpenDocument
Cookie deletionCookie = new Cookie(JSESSIONID, "");
deletionCookie.setPath("/BOE");
deletionCookie.setMaxAge(0);
response.addCookie(deletionCookie);
Thankfully, user licenses aren't a problem for us.