I created a web application with individual user accounts from the VS 2017 template. I scaffolded the Identity part to see what's done and inspect how everything is working.
One thing that raised my attention was the application cookie created after login.
Since the login creates it I expected it to be deleted on logout. But it remains after logout. Since I am quite green on cookie authentication my question is if it is inteded that the cookie remains or should it be deleted? If yes, how I would get it removed?
Since it isn't removed how does Identity differentiate if the user is logged in or not (if not based on the cookie)?
For me it seems this is an Firefox issue not updating the developer information correctly.
When I close the developer info (F12) and reopen the cookie is gone....
Chrome displays the disappearance of the cookie immediatly.