fix(fastapi): rework cookies - do not re-emit generically

This change removes cookie re-emission of AURLANG and AURTZ,
adds the AURREMEMBER cookie (the state of the "Remember Me"
checkbox on login), and re-emits AURSID based on the AURREMEMBER
cookie.

Previously, re-emission of AURSID was forcefully modifying
the expiration of the AURSID cookie. The introduction of
AURREMEMBER allows us to deduct the correct cookie expiration
timing based on configuration variables. With this addition,
we now re-emit the AURSID cookie with an updated expiration
based on the "Remember Me" checkbox on login.

Signed-off-by: Kevin Morris <kevr@0cost.org>

aurweb/templates.py

@@ -16,7 +16,7 @@ from fastapi.responses import HTMLResponse
 
 import aurweb.config
 
-from aurweb import captcha, l10n, time, util
+from aurweb import captcha, cookies, l10n, time, util
 
 # Prepare jinja2 objects.
 _loader = jinja2.FileSystemLoader(os.path.join(
@@ -148,9 +148,12 @@ def render_template(request: Request,
     """ Render a template as an HTMLResponse. """
     rendered = render_raw_template(request, path, context)
     response = HTMLResponse(rendered, status_code=int(status_code))
-    secure_cookies = aurweb.config.getboolean("options", "disable_http_login")
-    response.set_cookie("AURLANG", context.get("language"),
-                        secure=secure_cookies, httponly=True)
-    response.set_cookie("AURTZ", context.get("timezone"),
-                        secure=secure_cookies, httponly=True)
-    return util.add_samesite_fields(response, "strict")
+
+    sid = None
+    if request.user.is_authenticated():
+        sid = request.cookies.get("AURSID")
+
+    # Re-emit SID via update_response_cookies with an updated expiration.
+    # This extends the life of a user session based on the AURREMEMBER
+    # cookie, which is always set to the "Remember Me" state on login.
+    return cookies.update_response_cookies(request, response, aursid=sid)