I have an MVC app using OWIN authentication, with a protected Index page. My auth token is aset as a session cookie.
On IE11, if I login successfully, clear my cache (ctrl-shift-delete, preserve favorites is unchecked, everything else including cookies is checked), then refresh the page I am still logged in.
On Chrome, following the same steps (I'm clearing storage via Developer Tools > Application > Clear storage, or individually deleting all cookies), refreshing the page brings me back to my login screen.
Per answers on this question it sounds like IE either doesn't delete session cookies when you run "Delete Browsing History" or it's keeping session cookies around until the whole browser restarts.
Is there any offical documentation somewhere about this behavior?
Should I not expect that a simple "delete browser history" method in IE should have the desired behavior of forcing to log back in?
Or, is there something else I should be configuring on my app to force a login if someone tries clearing their browser history?
