if user that is currently logged in is removed, the session/tab where the user is navigating will throw an exception
steps to reproduce
1) Create a new user: user_001
2) Open a private window, log into the frontend using a siteaccess in legacy mode with user_001
3) in the the backend, delete user_001
4) Go to the logged user_001 session and navigate to any link. You will get the error above.
note: using a Sf siteaccess, the error is a "403 Forbidden - AccessDeniedHttpException"
in the documentation, there is a warning that users should not be removed, here:
however, when user_001 is deleted in admin, the user's browser has no information of the event, and keeps sending session data that the server accepts as valid. this is not the same case as access to an object created by a removed user (such as an old comment)