fix: #8142, broken site if no server-side session (#8148)

* fix: #8142, broken site if no server-side session

During the `addHeader` middleware, a check is now done to see if
`req.session.meta` is present. This value is only present if the user
has a valid server-side session.  If it is missing, then it is probably
safe to assume that the server-side session was deleted (either
intentionally or accidentally). In that scenario, the client-side cookie
should be cleared.

Also, there was an issue where the sessionRefresh flag was never cleared
after a successful login, so that was fixed too.

* feat: exported method to get cookie config

* fix: don't clear cookie if cookie is being set

* fix: socket.io tests

Co-authored-by: Barış Soner Uşaklı <barisusakli@gmail.com>
Julian Lam
2020-02-06 15:52:37 -05:00
committed by GitHub
parent 0885ec6858
commit d6e3f3f058
5 changed files with 34 additions and 20 deletions


@@ -66,8 +66,9 @@ helpers.logoutUser = function (jar, callback) {
helpers.connectSocketIO = function (res, callback) {
var io = require('socket.io-client');
var cookie = res.headers['set-cookie'][0].split(';')[0];
let cookies = res.headers['set-cookie'];
cookies = cookies.filter(c => /express.sid=[^;]+;/.test(c));
const cookie = cookies[0];
var socket = io(nconf.get('base_url'), {
path: nconf.get('relative_path') + '/socket.io',
extraHeaders: {