New explanation page covers full session lifecycle: idle/absolute timeouts,
remember-token mechanics, frontend keepalive, and cookie attributes.
Updates rate limiting docs with remember-token limits and smoke test.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>