ASP.Net Insufficient Session Timeout

A common security concern found in ASP.Net applications is the forms authentication cookie is still valid after logout