<iframe> to the OpenID Connect provider’s “check_session_iframe” (whose value should be accessible from the metadata endpoint). This
<iframe> (given that it is from the OP’s origin) can access the cookies managed by the OP and can detect when the user’s login session has changed (meaning the user has signed out, or has signed in as another user).
postMessage to the
<iframe> to ask if there have been any changes to the user’s session. The
<iframe> will reply with either