/auth/logout always returns 200 & doesn't clear cookies

1. `/auth/logout` always returns 'Logged out successfully' even if unauthenticated
2. `/auth/logout` doesn't clear cookies, causing reauthentication on frontend `/login` after a page reload.