Hi,
Is there a way to invalidate FedAuth-cookie so that it can't be used after logout? Our SharePoint solution is audited by several security companies and all of them always says that "SERVER DOES NOT TERMINATE SESSIONS ON LOGOUT". This means that they can fetch data from our server by using recorded FedAuth cookie eaven if the user is logged out.