I'm having an issue where even after deleting the users cookies they are still logged in to my ASP.NET MVC site (IIS 6). HOWEVER, this only happens on my clients machine, my IE 8 on Win7 does NOT have this issue and the normal log out method works fine. It seems they need to close out the browser before it will release them from being able to access the site after clicking logout (they are using IE 8 as well). Any idea what the deal is? Note: It works fine in Firefox for the client.
The logout process is as follows:
- delete custom web app 'remember my login' cookies
- redirect to federation server which logs them out of ADFS and deletes the FS cookies
- they are stopped at 'logout complete' page on the federation server
...but when they to browse the app again, they are let in right away!