This implements a very small part of the OIDC session management as
described in
http://openid.net/specs/openid-connect-session-1_0-17.html#rfc.section.5.
It does not implement the full session management (using iframes) and
does not implement the registration and verification of logout redirect
uri's.