FCM tokens

Hi, I've just implemented push notifications in my website using Firebase Cloud Messages, since only registered users should receive personalized notifications, i've inserted a JS script only for authenticated users, that retrieves a fcm token and forwards it back to my server so that I can later use it for notifications. I've also removed the token on logout, but I can't wrap my head around what to do when a user doesn't log out but the session expires. I tried to intercept the session "garbage collection" so that I could remove any token that has been created using an expired session but as far as I know there's no hook in laravel for this function. I've also thought about storing the session id alongside the fcm token, so that I could check is the session hasn't been invalidated when I try to send a push notification, but again I see no way of opening a session from the id.

How could I approach this problem? Should I be doing some more work on the client side (ie check if the user is logged in using a get request when the service worker receives a push notification) or there's another way of solving this issue on the server side?