Hello, I need assistance with a security issue related to the ".Nop.Authentication" cookie. If a malicious user is able to capture the ".Nop.Authentication" cookie and inject it directly into their browser, they will have access to the application with the same level of access as the user whose cookie they stole. I need an effective way to invalidate the ".Nop.Authentication" cookie upon the user's logout.
I have already tried changing the expiration date upon logout as well as deleting the cookie, but neither option has worked.