At the moment we have very high-level code in the config() of framework.module.js which redirects the user to the login page if an API action is unauthorised (session timeout). There's no visible feedback to the user at this point though.
I think we need to move the addition of that handler to a run() so that the horizon.framework.widgets.toast.service is available and we can throw up a toast telling the user that they've been logged out. We can't include it in the config() because at that time the toast service hasn't been instantiated.
You can see this in action by loading up the swift UI and forcing a session invalidation, then clicking on some action like viewing a container contents.
Targeting to RC1 for now, but may bump. It actually handles the logout fine, but the UX for it is very unpleasant and creates a lot of confusion for the end user.