In addition to everything already mentioned, also make sure you are not omitting the scheme argument in the calls to SignInAsync and SignOutAsync, and that you are passing the same value to both. For example:
HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal);
and
HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
So in this example the scheme is CookieAuthenticationDefaults.AuthenticationScheme. In my case I was forgetting to pass this to SignOutAsync, and while obvious after the fact, it took longer than I'd like to admit for me to track down.
