Consider a user being logged in to IdentityServer and one or more client applications. What if they then open another client application that has specific requirements on login that the current session doesn't fulfill? It could be an acr value for a tenant or a specific idp. IdentityServer would then show the login UI and on successful sign on overwrite the existing session. At this point, the client sessions participating in the existing single sign on session are orphaned. Those sessions can no longer successfully invoke Single Logout (because IdentityServer will have no record of their session), nor will they ever be notified in a Single Logout scenario.
To prevent orphaned sessions, consider doing a single logout whenever the existing IdentityServer session is about to be overwritten.
We've always known that this is possible, but we never did anything auto-magically and left it to the dev to decide how to handle that on the login page if there is an existing session. I'm not saying that we couldn't do something, but historically we decided against.
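The orphaning described in this issue, and the effect of logging out before the overwrite, as an added example that is not part of the original thread and is not IdentityServer code. It is a toy model: `ToyProvider`, `SsoSession`, the client names and the `idp` values are all constructed for illustration, and a single per-browser session stands in for the authentication cookie.

```python
# Toy model (constructed for illustration; not IdentityServer's API or data model).
import secrets
from dataclasses import dataclass, field

@dataclass
class SsoSession:
    sid: str
    subject: str
    idp: str
    clients: set = field(default_factory=set)   # clients that joined this session

class ToyProvider:
    """One SSO session per browser, as with a single authentication cookie."""
    def __init__(self, logout_before_overwrite: bool):
        self.logout_before_overwrite = logout_before_overwrite
        self.session = None
        self.notified = []          # (client_id, sid) logout notifications sent

    def authorize(self, client_id, subject, required_idp):
        # Re-use the session only if it satisfies the client's requirement.
        if self.session is None or self.session.idp != required_idp:
            self._sign_in(subject, required_idp)
        self.session.clients.add(client_id)
        return self.session.sid

    def _sign_in(self, subject, idp):
        if self.session is not None and self.logout_before_overwrite:
            self.single_logout()    # mitigation proposed in the issue
        self.session = SsoSession(secrets.token_hex(8), subject, idp)

    def single_logout(self):
        # Only clients recorded in the *current* session can be notified.
        if self.session is not None:
            self.notified += [(c, self.session.sid) for c in sorted(self.session.clients)]
            self.session = None

def orphaned_clients(logout_before_overwrite):
    """Return clients that hold a session but never get a logout notification."""
    op = ToyProvider(logout_before_overwrite)
    issued = {}                                   # client_id -> sid it was given
    issued["app1"] = op.authorize("app1", "alice", "local")
    issued["app2"] = op.authorize("app2", "alice", "local")
    issued["app3"] = op.authorize("app3", "alice", "tenant-idp")  # forces new login
    op.single_logout()
    return sorted(c for c, sid in issued.items() if (c, sid) not in op.notified)
```

Without the logout step, `app1` and `app2` keep sessions tied to a `sid` the provider no longer knows; with it, every client is notified before its session record disappears.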