I am being asked about cookie replay attacks with my ASP.NET website's forms authentication.
I have followed the advice below to protect against any attack but think
Is there a way to completely destroy the forms authentication session on logout, so that even if someone had stolen the cookie there would be no chance of using it maliciously?
The way is to keep track on your server of whether the user is logged out and at what time, so even if a request arrives for a page using a valid authentication cookie, you double-check whether this user is also logged in according to your server records or not.
This means that you must have an extra table in your database to keep and check the login/logout status of your users, and not count 100% on the authentication cookie.
Is there a way to completely destroy the forms authentication session on logout
In the worst-case scenario, where the cookie is stolen, you actually can't.
Why is that? Because forms authentication actually keeps all the data in the cookie (like when it expires, who the user is, etc.). So you cannot delete that; it is in the cookie, and the alternative is to synchronize it with your custom data on the server and have an extra level of security.
Related: Can some hacker steal the cookie from a user and login with that name on a web site?
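The server-side check described in the answer above, written out as an added example; this is not the asker's or the answerer's code. It assumes classic ASP.NET (System.Web) forms authentication. The `LogoutRegistry` class is an in-memory stand-in for the "extra table": it records each user's most recent logout time, and every request whose ticket was issued at or before that time is refused even though the cookie itself still looks valid. The names `LogoutRegistry`, `LogoutHandler` and `Global` are assumptions for the illustration.

```csharp
using System;
using System.Collections.Concurrent;
using System.Web;
using System.Web.Security;

// Stand-in for the "extra table" the answer describes: user name -> UTC time of the
// user's most recent logout. In-memory here so the example is self-contained; a real
// deployment would back this with a database table shared by all web servers.
public static class LogoutRegistry
{
    private static readonly ConcurrentDictionary<string, DateTime> LastLogoutUtc =
        new ConcurrentDictionary<string, DateTime>(StringComparer.OrdinalIgnoreCase);

    public static void RecordLogout(string userName, DateTime logoutUtc)
    {
        // Keep the later of two logout times if two logouts race.
        LastLogoutUtc.AddOrUpdate(userName, logoutUtc,
            (_, previous) => logoutUtc > previous ? logoutUtc : previous);
    }

    // A ticket presented after the user logged out is a replay: it was issued at or
    // before the recorded logout, so it is treated as revoked no matter how much
    // lifetime the cookie itself still claims to have.
    public static bool IsRevoked(FormsAuthenticationTicket ticket)
    {
        DateTime logoutUtc;
        if (!LastLogoutUtc.TryGetValue(ticket.Name, out logoutUtc))
            return false; // no logout on record for this user

        // IssueDate is local time; compare in UTC.
        return ticket.IssueDate.ToUniversalTime() <= logoutUtc;
    }
}

public class Global : HttpApplication
{
    // Runs on every request after FormsAuthenticationModule has accepted the cookie,
    // so this is where the "double check against server records" happens.
    protected void Application_PostAuthenticateRequest(object sender, EventArgs e)
    {
        HttpCookie cookie = Request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value))
            return; // anonymous request, nothing to verify

        FormsAuthenticationTicket ticket;
        try
        {
            ticket = FormsAuthentication.Decrypt(cookie.Value);
        }
        catch (Exception) // tampered or undecryptable cookie value
        {
            ticket = null;
        }

        if (ticket == null || ticket.Expired || LogoutRegistry.IsRevoked(ticket))
        {
            // Refuse the cookie: expire it in this response and send the caller
            // back to the login page as an anonymous user.
            FormsAuthentication.SignOut();
            FormsAuthentication.RedirectToLoginPage();
        }
    }
}

// Logout handler, e.g. called from a Logout.aspx code-behind or an MVC action.
public static class LogoutHandler
{
    public static void Logout(HttpContext context)
    {
        // Record the logout server-side BEFORE clearing the cookie, so any stolen
        // copy of this ticket is refused from this instant on.
        if (context.User != null && context.User.Identity.IsAuthenticated)
            LogoutRegistry.RecordLogout(context.User.Identity.Name, DateTime.UtcNow);

        FormsAuthentication.SignOut();
        FormsAuthentication.RedirectToLoginPage();
    }
}
```

Two points to keep in mind when moving this onto a real database table. Entries only need to live as long as the forms authentication timeout: a ticket older than that is rejected by `ticket.Expired` anyway, so rows older than the timeout can be purged. And because the check compares the ticket's issue time against the logout time, all web servers in a farm must share the table and have synchronized clocks; a ticket that sliding expiration renews after the user logs in again carries a fresh issue time and passes the check as intended.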