[BUGFIX] Prevent data from destroyed session from being loaded
This fixes a problem with session data which is being unserialized
even though its session is about to be destroyed. Because the
time of the last activity was stored in the session and needs to be
retrieved in order to determine if the session is still valid, also all
other session data is being unserialized by PHP. This results in
session scope objects registering themselves at the Object Manager
due to their code in __wakeup().
Now the session time out is not stored in the session anymore but
in its own cookie. Therefore the session data is only unserialized
if the session is still valid.
Releases: 1.1, 1.2