fix: set `max_age` for `AURTZ`, `AURLANG` and `AURREMEMBER`

Henry Zhangrequested to merge
henry-zhr/aurweb:master into master

AURTZ, AURLANG and AURREMEMBER doesn't have max_age and become session cookies.

One of the results is "remember me" function actually didn't work.
The AURREMEMBER cookie is removed after browser closes, then AURSID's expiration will be set to 2h in the next request.

Merge request reports