Revert r29671, it was based on a misunderstanding of the purpose of the LoggedOut cookie. The LoggedOut cookie is there to suppress the client-side cache, not the server-side cache. It prevents privately cached logged-in pages from being displayed after the user logs out. Feel free to special-case it in squid if you're worried about the server-side cache hit ratio, but note that IMS requests would need special handling.
* Credential data in the session is destroyed, so the session is harmless. But it is still useful for abuse tracking (logout/login sequences) and similar analysis.
* Not much point in removing the username persistence feature if you can't improve the squid cache hit ratio, which was obviously your goal.