Two-factor authentication (2FA) is usually a good thing to enable in order to make it more difficult for an unauthorised person to login to your account remotely, as they will need that second authentication to be able to login.

Unless someone has access to your computer, then cookies & history don’t really matter. However, if you login to facebook, and then leave your computer open for 10mins, someone could open up facebook again and you would likely still be logged in. If that’s a scenario you’re worried about, then you could erase all your browsing session data to ensure that you’re effectively logged out everywhere.