So I have not found a solution yet, but I have discovered:
If a user logs out of MyWebsite, I could POST a request to xenforo to change his status to "unconfirmed". This would make the forum "view only" for him. However, he would still be logged in, and generating a different login-token for another user would not log him out. This would only prevent him from using the forum.
If a user logs out of MyWebsite, I could delete or reset their xenforo cookie with yesterday's expiry date (as discussed here). However, the user would still still remain logged in as normal until he physically closes his browser, at which time he will be logged out.