fix: add explicit session configuration parameters

Added back session expiration, inactivity, remember_me, and same_site
settings at both global and cookie level to ensure proper session
handling across subdomains.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

net/authelia/configuration.yml

@@ -84,9 +84,17 @@ access_control:
 # session secret set via environment variable: AUTHELIA_SESSION_SECRET
 session:
   name: 'authelia_session'
+  same_site: 'lax'
+  expiration: '1h'
+  inactivity: '5m'
+  remember_me: '1M'
   cookies:
     - domain: 'pivoine.art'
       authelia_url: 'https://auth.pivoine.art'
+      same_site: 'lax'
+      expiration: '1h'
+      inactivity: '5m'
+      remember_me: '1M'
 
 regulation:
   max_retries: 3