I use the IUserSecurityStampStore to implement sign-out-everywhere functionality. It seems to work fine, however I have the problem that every time the user changes her password, she is logged off afterwards.

One possibility to work around this issue, is to call SignIn in the Manage-Action of the AccountController after a password change.

This seems to work, but I think it’s a bit clumsy and probably not the right way.

Thats why my questions are:

• How can I force OWIN to rewrite the cookie for the current logged on user?
• If the above way is the right way, how do I know if the user wants to have her Cookie persistent or not (SignIn desires this information)?

So the samples and templates call SignIn after the user does something that causes the security stamp to change. Unfortunately you do not have a great way to restore the persistent state of the cookie in this scenario, this is something we will try address in a future update.

I filed an issue to track this along with the other related issues around this: https://github.com/aspnet/Identity/issues/135