Remote logins for old_sessions not working
Issue
In an earlier issue (#402 (closed)) we fixed how on-campus users get logged in after their sessions expire. But that doesn't work correctly for off-campus users. This issue is to fix that part.
How to replicate
- In development (config/environments/development.rb) change session lifetime to something short, e.g.,
  config.user_session_life_span = 30.seconds
- Log in as uga1 (for example) and wait 30 seconds.
- Go to express link with that institution, e.g.,
  localhost:3001/express?link=zbac&inst=uga1
- Note where you end up. If you see the welcome screen, that's the problem. You should be sent to UGA's SSO login (i.e., logging in via OpenAthens).
How to fix
In the sessions controller, where we look to see if the session is old, we should only do IP authentication if the user is on campus (somewhere). However, the express controller still duplicates some of the login logic and is confusing the logic somewhat (a lot).
Edited by Brad Baxter
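
The decision described under "How to fix", written as an added Ruby example that is not the project's own code. The method names, the CAMPUS_RANGES table and its addresses, the inst2 code, and the fallback to the welcome screen when no known institution is given are assumptions made for illustration.

```ruby
require "ipaddr"

# Constructed sample data: institution codes mapped to on-campus CIDR ranges.
# The addresses are documentation blocks, not real campus networks.
CAMPUS_RANGES = {
  "uga1"  => ["192.0.2.0/24", "2001:db8:10::/48"],
  "inst2" => ["198.51.100.0/25"]
}.transform_values { |cidrs| cidrs.map { |c| IPAddr.new(c) } }.freeze

# Returns the institution code whose ranges contain remote_ip, or nil when
# the address is off campus or cannot be parsed. An unparseable address is
# treated as off campus so it can never be granted IP authentication.
def campus_institution_for(remote_ip)
  ip = IPAddr.new(remote_ip.to_s)
  match = CAMPUS_RANGES.find { |_code, ranges| ranges.any? { |r| r.include?(ip) } }
  match&.first
rescue IPAddr::Error
  nil
end

# Decides how to handle a request that arrives with an expired session.
# remote_ip:      client address as seen by the application
# requested_inst: the inst= parameter from the express link (may be nil)
# Returns [action, institution_code].
def action_for_old_session(remote_ip:, requested_inst:)
  campus_inst = campus_institution_for(remote_ip)

  # IP authentication only when the client is on campus (somewhere).
  return [:ip_login, campus_inst] if campus_inst

  # Off campus: send the user to the requested institution's SSO login.
  return [:sso_redirect, requested_inst] if CAMPUS_RANGES.key?(requested_inst)

  # Assumption: with no known institution to redirect to, show the welcome screen.
  [:welcome, nil]
end
```

If the sessions controller and the express controller both call one method like this, the duplicated login logic cannot drift apart again.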