Replace changed by expires_at in session handling

[pabzm]

This prepares using extended session lifetimes configurable per session

[pabzm]

I rebased the branch onto the lastest of the "master" branch to fix the CI runs.

[pabzm]

We should think about changing set_auth_cookie() to not use time-based slots but something else, because its anti-session-hijacking function is not really powerful anymore if it changes only every 18 hours.

[alecpl]

Some of my comments in #9991 apply here.

[pabzm]

@alecpl I fixed the version number in the "initial.sql"-files, and setting the expiry time in rcube_session_php. The only other of your comments in the other PR that I understand would apply to this PR is this on, of which I don't understand why you consider the change wrong.
Are these the only issues you see with the changes I proposed in this PR?

[pabzm]

I rebased onto the latest of the "master" branch.

[johndoh]

This might be a bit picky but I think update files should also include something like

ALTER TABLE `session` RENAME INDEX `changed_index` TO `expires_at_index`; 

I think the name of the index is not that important but I think the schema should be the same when created by the initial file or through updates.

The change to sqlite.initial.sql is missing.

[pabzm]

@johndoh Thank you for the review! I agree that renaming the index is a good idea and added it to the SQL migration files.

The change to sqlite.initial.sql is missing.

What do you mean by that? I don't see a missing change in there that the other initial-files have.

(I also fixed the roundcube-version number to match the date-string of the corresponding SQL migration files.)

[johndoh]

@pabzm my apologies. I somehow missed that sqlite.initial.sql was in the diff. I mistakenly thought only the update file was there not the initial one.

The alter table statement for sqlite should be

ALTER TABLE `session` RENAME INDEX `ix_session_changed` TO `ix_session_expires_at`;

i think, i have not tested it, just corrected the index names.

and for postgres

ALTER TABLE `session` RENAME INDEX `session_changed_idx` TO `session_expires_at_idx`;

i think

[pabzm]

@johndoh Thank you for that hint! I didn't expect a different index name in the differente databases.

[pabzm]

If y'all would be fine with merging please let me know so I can cleanup the commit history before someone hits the button!

[pabzm]

I squashed all the commits into one, didn't change anything further.

[pabzm]

@alecpl Please have another look, I'd like to merge this soon.

[pabzm]

@alecpl This is the last code change planned for v1.7, could you please have another look? Or let me know when/how we can go forward with this? I requested a new review from you 2 weeks ago, is there some blocker?

[teoberi]

I'm using 1.7 RC2 on the test server with PHP 8.5.0 and waiting for the final version for the production server.

[alecpl]

Looks good. Rebase on master to make CI green before merge, please