Nima,
Have you fully analyzed the cookie validation process to be sure there is no way to make it work with the already existing code? It seems that the code that resets the users auth token was created specifically for this purpose and it would be better to fix the existing code than to add this. One question on logging out users is whether they can be logged in to two computers and what happens if they log out on one of them.
This probably also would affect your use case since this would effectively log the out from whatever computer they next used, if they changed to another computer it might still be logged in.
