ASP.Net Identity - Invalidate Old Session Cookie

Jun 22, 2016 at 4:13 PM
The cookie called AspNet.ApplicationCookie is generated by OWIN after successful login. I cloned the request with cookies after login using Fiddler or other tool, then I signed out from application. I was able to access the application using cloned request without entering user name and password. It seems old session cookie can be used to authenticate a user with unlimited time .

How can we invalidate the Authentication cookie after signout?
Coordinator
Jun 24, 2016 at 7:42 PM
How is this different from your last post?
http://katanaproject.codeplex.com/discussions/655728