There are cases where the best user experience requires explicitly destroying the user session (and auth token), forcing the user immediately back to a login screen, but this is currently impossible.
Extensions need to be able to forcibly kill a user's session and invalidate their auth token. When this happens, they should be immediately taken to a login screen, regardless of where they currently are.
This should effectively solve
GUAC-1250 ("Display login page instead of 'reconnect/home' when session expires").