Logout unreliable, ginger_snap cookie not deleted

We are running a PAS plugin on onkopedia.com that performs authentication against an external REST server...working since ages. With the migration to Plone 5.2 we encounter an random logout behavior. User clicks on logout and remains logged in. It turns out that obviously the authenticationn cookie "_ginger_snap" is not properly removed from the client. First I thought of caching issues but the clients talk directly through Apache, HAProxy to the ZEO clients. No reverse proxy cache involved.

Anyone seen something similar?