Right now, when a user logs out of MediaWiki, a significant amount of state can stay behind, spanning both the logged-in and logged-out browsing sessions, which is likely unexpected from a user perspective.
While we take care to expire the PHP session data and the PHP session cookie on the client, other cookies (session-bound or otherwise) and all browser storage (sessionStorage and localStorage) remain.
The session-bound cookies and sessionStorage values should be cleared if the user remembers to properly close all windows and quit the browser. But even then other storage remains.
And more likely, a user may close the browser in its entirety, in which case most modern browsers are helpful enough to save the session anyway and offer to restore it upon re-opening of the browser.
Logging out is the key user interaction here that we should use to clear everything else.
In addition, we can use the Clear-Site-Data header, which can help clear additional things in supported browsers (such as HTTP caches).
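
An added example (not MediaWiki code) of the two mechanisms described above: the `Clear-Site-Data` value a logout response could carry, and a script-side fallback that clears Web Storage and script-visible cookies. The function names, the cookie names used to exercise it, and the fake `document`/storage objects are assumptions, constructed so the code runs outside a browser.

```javascript
// Added example: names and the fake browser objects are assumptions.
const KNOWN_TYPES = ['cache', 'cookies', 'storage', 'executionContexts', '*'];

// Value for the Clear-Site-Data header on the logout response. Each
// directive must be a quoted string.
function clearSiteDataValue(types) {
  for (const t of types) {
    if (!KNOWN_TYPES.includes(t)) throw new Error('unknown type: ' + t);
  }
  return types.map((t) => '"' + t + '"').join(', ');
}

// Script-side fallback for browsers without Clear-Site-Data support.
// Returns the names of the cookies it tried to expire.
function clearClientState(doc, storages) {
  for (const s of storages) s.clear();
  const names = doc.cookie
    .split(';')
    .map((pair) => pair.split('=')[0].trim())
    .filter((name) => name !== '');
  for (const name of names) {
    // Only matches cookies set with Path=/ on the current host. HttpOnly
    // cookies are invisible to script and must be expired by the server.
    doc.cookie = name + '=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/';
  }
  return names;
}

// Constructed stand-ins for window.document and Web Storage, modelling
// only what the fallback touches.
function fakeDocument(initial) {
  const jar = new Map(Object.entries(initial));
  return {
    get cookie() {
      return [...jar].map(([k, v]) => k + '=' + v).join('; ');
    },
    set cookie(str) {
      const [pair, ...attrs] = str.split(';');
      const name = pair.split('=')[0].trim();
      const expired = attrs.some((a) => /^\s*expires=Thu, 01 Jan 1970/i.test(a));
      if (expired) jar.delete(name);
      else jar.set(name, pair.slice(pair.indexOf('=') + 1));
    },
  };
}
function fakeStorage(initial) {
  const data = new Map(Object.entries(initial));
  return { clear: () => data.clear(), get length() { return data.size; } };
}
```

In a browser the fallback would be called as `clearClientState(document, [localStorage, sessionStorage])` on the logout interaction.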