I am using below code to Login and Logout for OWIN Authentication. I first login to the system and captured the session,.Asp.ApplicationCookie ,etc using tool like Fiddler or Burp Suite , and logout from system. After that I tried to access the previous url and able to access .It seems the ClaimsIdentity is still alive after logout but it supposed to be deleted and should be redirected to login page after logout . Do you have any idea how I can invalidate the claimsIdentity after signout
public void IdentitySignin(ApplicationUser appUserState, string providerKey = null, bool isPersistent = false)
{
var identity = UserManager.CreateIdentity(appUserState, DefaultAuthenticationTypes.ApplicationCookie);
AuthenticationManager.SignIn(new AuthenticationProperties()
{
AllowRefresh = true,
IsPersistent = isPersistent,
ExpiresUtc = DateTime.UtcNow.AddDays(7)
}, identity);
}
public void IdentitySignout()
{
AuthenticationManager.SignOut(DefaultAuthenticationTypes.ApplicationCookie,
DefaultAuthenticationTypes.ExternalCookie);
}