It's only being cleared on successful auto-logins. We can't do much directly about edge logins without changing them to scripts rather than images, but at least the local domain should be cleared.
Probably the best thing to do would be to include a small RL module for all centrally-logged-in page views to clear CentralAuthAnon. That would handle the local domain and any foreign domains that later get visited.
Version: master
Severity: normal