The best way I've found is to trace this from the browser side. One call to a microflow or a retrieve is returning a 403 - forbidden response and redirecting you to the login page.
In your browser's dev tools in the network tab, there is a setting to preserve the network log even after redirects. You can also do the same in the console. So flip those on, and then cause your security error. If there aren't details in the console, you will find the 403 in the network log and can review the HTTP request to see which entity or microflow is the culprit.