How to notice when the user is logged out due to server-side action?

[othermaciej]

Sometimes a user may be logged out of all devices/browsers due to some sort of server-side action. For example, this may happen due to too many failed login attempts, suspicious account activity, or a known password breach sending all users to a mandatory change password flow. How can the browser know about this?

[johnwilander]

This has now been ported to the W3C repo. Please continue the discussion there.