I have a Blazor WebAssembly PWA application. When I debug the application in Visual Studio, I can log in as a user and log out successfully.
Once I publish the application, listening on http://localhost:5000, I can successfully log in as a user, but when I log out, it appears that the user is still logged in:
It appears that when the application is published and I log out, the AspNetCore.Identity.Application cookie is not being cleared. Clearing the cookie from the browser logs out the user as expected, so why is this only happening when I publish the application?
The only significant change I've made is adding the following line so that authentication works. When I publish, the application listens to HTTP, not HTTPS, hence the need. Other than this, it is a new application.
app.UseCookiePolicy(new CookiePolicyOptions { MinimumSameSitePolicy = SameSiteMode.Lax, Secure = CookieSecurePolicy.None });
