stop using temporary cookies for logged in users and set a timeout instead. Sessions should now timeout after 48 hours of inactivity, or 8 days since authenticating, whichever comes first. Also fix a bug where we tried to delete users sessions before actually figuring out who they were which stopped logout functioning correctly