I'm looking at https://pages.nist.gov/800-63-3/sp800-63b.html#sec7 as an example (also searched other docs), and I'm trying to understand if there's a clear definition of what session termination entails.
Specifically, I'm trying to understand if *server* side session termination is mandatory, and if a user must be moved from the last page they were on to a logout (or back to login) screen.
This does seem to be the case in OWASP (https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#automatic-session-expiration).
Thanks!