Enhance sign-out guidance #37198

Merged: guardrex merged 5 commits into main from guardrex/security-updates, May 28, 2026

@guardrex (Collaborator) commented May 28, 2026

Fixes #36662

Thanks, @MarvinKlein1508! 🚀 ... If we can get this right, we'll have closed an important gap in our coverage.

Stephen ... I may have butchered a little bit of your suggested direction 🙈, but I wanted to really flesh this one out in complete detail. The outline for this guidance explains the common RevalidatingServerAuthenticationStateProvider.RevalidationInterval setting in the main section. Then, there are a pair of subsections ...

  • ASP.NET Core Identity subsection: Focuses on setting SecurityStampValidatorOptions.ValidationInterval.
  • Cookie-based, non-Identity subsection: Focuses on the two approaches that you described. However, it does so with less code for the second approach, only describing the non-interval approach in a paragraph with API cross-links ... AND ... I'm not 100% sure that the code I'm showing for the first approach is exactly right. We'll see on review where I've gone off the rails! 😄

Internal previews

File: aspnetcore/blazor/security/index.md
Preview link: aspnetcore/blazor/security/index

Copilot AI (Contributor) left a comment

Pull request overview

This PR expands the Blazor security guidance around sign-out behavior and revalidation when using RevalidatingServerAuthenticationStateProvider, addressing gaps raised in #36662.

Changes:

  • Adds a new “Authentication state management at sign out” section explaining circuit revalidation vs. cookie validity.
  • Introduces Identity-specific guidance using SecurityStampValidatorOptions.ValidationInterval and UpdateSecurityStampAsync.
  • Adds cookie-auth (non-Identity) guidance with suggested logout-trigger approaches and cross-links to the cookie-auth article.

@guardrex requested a review from halter73 May 28, 2026 13:52

@halter73 (Member) left a comment

Copilot wanted to leave a bunch of inline comments for the following:

Compound-modifier hyphenation. Multiple instances of "30 minute" / "five minute" / "four minute" used as adjectives — per Microsoft style they should be hyphenated when modifying a noun: "30-minute window/interval/revalidation interval", "five-minute interval", "four-minute interval". Affects lines 545 (twice), 549, 551, 568, 570, 572, 576, 591, 593.

Also,

Repo guidance says to bump ms.date to today when more than 50 characters change. This PR adds ~80 lines, so this should be updated.

ms.date: 05/28/2026

I personally don't care too much about this, but I guess it makes sense if that's what the style guide says.

@guardrex (Collaborator, Author)

Fair enough on the adjectives. I'll fix them up. I love the way Copilot has to be run multiple times to catch problems. I feel like it should be run two or three times on every PR to get ALL of its suggestions in.

guardrex and others added 2 commits May 28, 2026 17:01
Co-authored-by: Stephen Halter <shalter+msft@microsoft.com>
@guardrex merged commit f611614 into main May 28, 2026
4 checks passed
@guardrex deleted the guardrex/security-updates branch May 28, 2026 21:10
Development

Successfully merging this pull request may close these issues.

Enhance documentation for RevalidatingServerAuthenticationStateProvider in Blazor Apps