Form Authentication - Cookie replay attack - protection

Backend · Unresolved · 4 · 1814
滥情空心 2020-12-01 22:15

I am being asked about cookie replay attacks with my ASP.NET website's forms authentication.

I have followed the advice below to protect against any attack but think

4 answers
  •  北荒 (OP)
     2020-12-01 22:36

    A simple idea is to generate a random GUID and store it in the user data section of the cookie. Then, when a user logs out, you retrieve the GUID from the user data and write it to a server-side repository with an annotation that this "session" has ended.

    Then, have an HTTP module that checks on every request whether the GUID from the user data section of your cookie points to an ended session. If it does, terminate the request with a warning that an expired cookie is being reused.

    This comes at the cost of an additional lookup per request.
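One way to implement the scheme this answer describes, as an added example that is not the answerer's own code: a fresh GUID goes into the FormsAuthenticationTicket's UserData at login, is recorded in a server-side store at logout, and is checked by an IHttpModule on every authenticated request. The in-memory ConcurrentDictionary store, the class names (EndedSessionStore, LoginHelper, ReplayCheckModule) and the 401 response are assumptions for illustration; a real deployment would back the store with a database or distributed cache shared by every web server and keep each entry at least until the ticket's own expiration.

```csharp
using System;
using System.Collections.Concurrent;
using System.Linq;
using System.Web;
using System.Web.Security;

// Server-side record of logged-out sessions (assumed in-memory for the example;
// use a shared store in production so every web server sees the same list).
public static class EndedSessionStore
{
    // sessionId -> expiration of the ticket it belonged to, so an entry can be
    // dropped once that ticket could no longer be accepted anyway.
    private static readonly ConcurrentDictionary<Guid, DateTime> Ended =
        new ConcurrentDictionary<Guid, DateTime>();

    public static void MarkEnded(Guid sessionId, DateTime ticketExpiry) => Ended[sessionId] = ticketExpiry;

    public static bool IsEnded(Guid sessionId) => Ended.ContainsKey(sessionId);

    // Call periodically (e.g. from a timer) to keep the list from growing forever.
    public static void Purge(DateTime now)
    {
        foreach (var id in Ended.Where(kv => kv.Value <= now).Select(kv => kv.Key).ToList())
            Ended.TryRemove(id, out _);
    }
}

public static class LoginHelper
{
    // Issue the forms ticket ourselves so a per-login GUID can be placed in UserData.
    public static void SignIn(HttpResponse response, string userName, bool persistent)
    {
        var sessionId = Guid.NewGuid();
        var ticket = new FormsAuthenticationTicket(
            1, userName, DateTime.Now, DateTime.Now.Add(FormsAuthentication.Timeout),
            persistent, sessionId.ToString("N"), FormsAuthentication.FormsCookiePath);

        var cookie = new HttpCookie(FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                        // keep script from reading the ticket
            Secure = FormsAuthentication.RequireSSL, // honour requireSSL from web.config
            Path = FormsAuthentication.FormsCookiePath,
        };
        if (persistent) cookie.Expires = ticket.Expiration;
        response.Cookies.Add(cookie);
    }

    // On logout: remember the GUID server-side, then clear the cookie as usual.
    public static void SignOut(HttpContext context)
    {
        if (context.User?.Identity is FormsIdentity identity &&
            TryGetSessionId(identity.Ticket, out var id))
        {
            EndedSessionStore.MarkEnded(id, identity.Ticket.Expiration);
        }
        FormsAuthentication.SignOut();
    }

    public static bool TryGetSessionId(FormsAuthenticationTicket ticket, out Guid id)
        => Guid.TryParseExact(ticket.UserData, "N", out id);
}

// Runs after FormsAuthenticationModule has decrypted the ticket; rejects any
// ticket whose GUID has been marked as ended (a replayed post-logout cookie).
public class ReplayCheckModule : IHttpModule
{
    public void Init(HttpApplication app) => app.PostAuthenticateRequest += OnPostAuthenticateRequest;

    private static void OnPostAuthenticateRequest(object sender, EventArgs e)
    {
        var app = (HttpApplication)sender;
        var context = app.Context;
        if (!(context.User?.Identity is FormsIdentity identity)) return; // anonymous request

        // A ticket without a GUID was not issued by SignIn above; fail closed rather than skip the check.
        if (!LoginHelper.TryGetSessionId(identity.Ticket, out var id) || EndedSessionStore.IsEnded(id))
        {
            FormsAuthentication.SignOut();          // clear the replayed cookie
            context.Response.StatusCode = 401;
            context.Response.Write("Expired authentication cookie reused.");
            app.CompleteRequest();                  // skip the rest of the pipeline
        }
    }

    public void Dispose() { }
}
```

Register the module in web.config under `<system.webServer><modules>` (for example `<add name="ReplayCheck" type="ReplayCheckModule" />`) and call `LoginHelper.SignIn` / `LoginHelper.SignOut` instead of `FormsAuthentication.SetAuthCookie` / `SignOut` directly. Two design points: the store only has to hold an entry until the ticket's expiration, which bounds its size; and because this list is populated at logout, it only catches replay of a cookie whose owner has since logged out, so a stolen cookie belonging to a still-active user is not detected by it.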
