change(python): rework session timing

Previously, we were just relying on the cookie expiration for sessions to expire. We were not cleaning up Session records either.

Rework timing to depend on an AURREMEMBER cookie which is now emitted on login during BasicAuthBackend processing.

If the SID does still have a session but it's expired, we now delete the session record before returning.

Otherwise, we update the session's LastUpdateTS to the current time.

In addition, stored the unauthenticated result value in a variable to reduce redundancy.

Signed-off-by: Kevin Morris kevr@0cost.org