APM close session when smart card removed

In normal circumstances the APM doesn't work like that. Once you established a session you're allowed to send traffic until the session ends. What you might be able to do is to create a Per-Request Policy, so that the Access Policy will be verified every time the client sends a rquest. I haven't played around too much with those but I know they don't have all the features of the normal Access Policies, but they might be able to do what you need.