We use OAuth2 authentication with Okta for our Classic ASP.NET MVC website. After the user logs out of the application, he can “replay” an old request with all of the original cookies and still get access to the website. How can I prevent this security hole?
I have successfully developed a custom ITicketStore for my ASP.NET Core websites to solve this problem (similar to Matteo's Blog - Implementing a custom ITicketStore for ASP.NET Core Identity), but I cannot find a similar concept to ITicketStore for Classic ASP.NET applications.
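
An added example, not part of the original post: assuming the site signs users in through the OWIN/Katana cookie middleware (`Microsoft.Owin.Security.Cookies`), that middleware's `IAuthenticationSessionStore` is the counterpart of `ITicketStore`. The class name `ServerSideTicketStore` and the in-memory dictionary are hypothetical choices made for this sketch.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;

// Hypothetical class. In-memory only: a web farm needs a shared store (database, cache).
public sealed class ServerSideTicketStore : IAuthenticationSessionStore
{
    private readonly ConcurrentDictionary<string, AuthenticationTicket> _tickets =
        new ConcurrentDictionary<string, AuthenticationTicket>();

    // Called at sign-in: the cookie carries only the returned key, not the ticket.
    public Task<string> StoreAsync(AuthenticationTicket ticket)
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(bytes); }
        string key = Convert.ToBase64String(bytes);
        _tickets[key] = ticket;
        return Task.FromResult(key);
    }

    // Sliding expiration: refresh only sessions that still exist, so a renewal
    // can never bring back a session that sign-out already removed.
    public Task RenewAsync(string key, AuthenticationTicket ticket)
    {
        AuthenticationTicket current;
        if (_tickets.TryGetValue(key, out current)) _tickets.TryUpdate(key, ticket, current);
        return Task.FromResult(0);
    }

    // Called on every request. Returning null makes the request anonymous, which is
    // what a replayed cookie gets once its server-side entry is gone.
    public Task<AuthenticationTicket> RetrieveAsync(string key)
    {
        AuthenticationTicket ticket;
        _tickets.TryGetValue(key, out ticket);
        if (ticket != null && ticket.Properties.ExpiresUtc < DateTimeOffset.UtcNow)
        {
            _tickets.TryRemove(key, out ticket);
            ticket = null;
        }
        return Task.FromResult(ticket);
    }

    // Called by the cookie middleware when the application signs the user out.
    public Task RemoveAsync(string key)
    {
        AuthenticationTicket removed;
        _tickets.TryRemove(key, out removed);
        return Task.FromResult(0);
    }
}
```

The store is registered by setting `SessionStore = new ServerSideTicketStore()` on the `CookieAuthenticationOptions` passed to `app.UseCookieAuthentication(...)`. The entry is only removed when logout goes through the OWIN `Authentication.SignOut(...)` call for that cookie's authentication type.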