Similar to OidcBackChannelServerLogoutHandler. Such implementation would forge a POST /logout with the session id and needed attributes, like the CSRF token. It would have the advantage of invoking the cleanup needed during a regular logout, instead of just removing the session from the WebSessionStore like the InvalidateLeastUsedReactiveMaximumSessionsExceededHandler does.