Description
Currently a request to logout with a valid session cookie, will delete the server side session in Nexus, so that the originally sent session cookie value is no longer valid in the browser.
However the response that comes back should ( but does not ) ask the user-agent to delete/expire the existing session cookie, so that it does not bother trying to send it again.
We should make logout return a Set-Cookie header as expected that forces delete/expiry of the session cookie.