SESS cookie should be invalidated on logout

Created on 1 February 2018, almost 7 years ago
Updated 2 October 2023, about 1 year ago

Problem/Motivation

I think I've discovered a bug where simplesamlphp_auth and autologout don't play well together. Because SAML expects an IdP, when pulling the site locally and trying to log in without one, it's easy to use drush uli because there are no creds we can connect with and we can bypass the SAML login process entirely.

Upon trying to log in for the first time with drush uli (say for UID 1), things will work immediately. However, when autologout kicks in and logs out the user in question, if you try to drush uli again it will no longer work because there's a stalled SESS cookie in the browser. Until you manually delete the SESS cookie or unless it expires (23 days after) you'll be stuck. This is a major issue because it's not straightforward to understand the issue and it's significantly breaking the login mechanism and expectation when using the module.

Proposed resolution

The SESS cookie should be invalidated/destroyed upon automatic logout.

Remaining tasks

Discuss.

User interface changes

Users can now use e.g. drush uli to log in successfully to the site.

API changes

None expected.

Data model changes

None expected.

💬 Support request
Status

Closed: outdated

Version

1.0

Component

Code

Created by

🇫🇷France anavarre 🇪🇺
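
One way to verify the proposed resolution from the outside, as an added example that is not part of the original issue or of the autologout module: inspect the Set-Cookie headers of the logout response and confirm the session cookie is expired rather than left in place. It assumes Drupal's usual SESS<hash> (SSESS<hash> over HTTPS) cookie naming; the function names and the sample header are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
import re

# Assumption: Drupal names its session cookie SESS<hex hash>, or SSESS<hex hash> over HTTPS.
SESSION_COOKIE = re.compile(r"^S?SESS[0-9a-f]+$", re.IGNORECASE)

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {k.strip().lower(): v.strip()
             for k, _, v in (part.partition("=") for part in rest)}
    return name.strip(), value.strip(), attrs

def is_expired(attrs, now):
    """True when the attributes tell the browser to drop the cookie."""
    if "max-age" in attrs:  # Max-Age takes precedence over Expires (RFC 6265)
        try:
            return int(attrs["max-age"]) <= 0
        except ValueError:
            return False
    if "expires" in attrs:
        try:
            expires = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return False
        if expires.tzinfo is None:
            expires = expires.replace(tzinfo=timezone.utc)
        return expires <= now
    return False  # no expiry attribute: the cookie is being set, not deleted

def logout_clears_session(set_cookie_headers, now=None):
    """True only if the response expires a session cookie and sets no live one."""
    now = now or datetime.now(timezone.utc)
    cleared = False
    for header in set_cookie_headers:
        name, _, attrs = parse_set_cookie(header)
        if SESSION_COOKIE.match(name):
            if not is_expired(attrs, now):
                return False  # a still-valid SESS cookie survives the logout
            cleared = True
    return cleared

if __name__ == "__main__":
    # Constructed sample: a logout response that deletes the session cookie.
    sample = ["SESS0123456789abcdef0123456789abcdef=deleted; "
              "expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; path=/; HttpOnly"]
    print(logout_clears_session(sample))
```

A logout response with no Set-Cookie for the session cookie at all also returns False, which is the situation the issue describes: the browser keeps presenting the old cookie until it expires on its own.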


Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.
