I obviously don't know if this will fix your issue but it did fix ours, which was very similar by the look of it. We had used the exact same worked example to incorporate Azure AD into our existing web site. All worked fine locally. When publish to a separate server we could only have one user log in. When that user logged out no one else could get through the Azure AD authentication - the authentication became stuck in a loop.
Eventually I found this article:
Under the heading "Resolving the issue" about one third of the way down, it talks about updating to ASP.NET Core and making sure you were using Microsoft.Owin.Host.SystemWeb version 126.96.36.199. Updating to ASP.Net Core is out of the question and our Owin systemweb was v4.2. So I applied the fix:
In our original code, which was based the above Microsoft example , there is a StartUp class with a Configuration method. The method had the line:
This was clearly using the default Cookie Authentication Options. Applying the fix from the article this line now looks like:
AuthenticationType = "Cookies",
CookieManager = new Microsoft.Owin.Host.SystemWeb.SystemWebChunkingCookieManager()
This updated line is replacing whatever was the previous default CookieManager with the Microsoft.Owin.Host.Systemweb cookie manager.
With that change our issue was fixed.