How to track expired WIF fedauth cookies?

Question

I have an interesting problem with trying to keep track of expired WIF authentication sessions/cookies.

As a bit of background: the site is MVC 3, uses Windows Identity

Answer 1

You don't without keeping a server-side list of the tokens recently revoked. This is why normally we rely upon an inherent expiration as well as HTTPS to prevent the token from being leaked/stolen.