Change how we handle expired sessions

Issue

When a user with an old session clicks an express link (or does an eds search), we display the login page with an "expired" message.

Solution

Instead of the above, we maybe should try to log the user in via IP or OA--that is, do the same thing we do if the old session didn't exist.