"logged in" status in user list not updated on session expiration

[solth]

Describe the bug
The user list does not reliably display the "logged in" status of users (with the green check mark) because the underlying Spring session is only updated when the user actively logs out of the system, not when the configured session timeout is reached. Even if a user is effectively logged out after his session expires, he still appears as "logged in" on the user page/user list. Thus, users who haven't been logged into the system for weeks or months still appear as "logged in" in the user list in case they didn't log out manually on their last visit.

To Reproduce
Steps to reproduce the behavior:

1. (optional) lower session-timeout value in web.xml to 1 and restart Tomcat to make (testing) life easier
2. Log into Kitodo with one account in one browser
3. Log into Kitodo with another account in a different browser
4. Observe user list in first browser
5. Refresh page (just in first browser) from time to time to refresh session and avoid timeout with the corresponding user
6. Once session timeout is reached for the second user, he will be logged out (resulting in page reloads in second browser to be redirected to login page)
7. In the first browser, though, the second user will still appear with the green check mark signaling he is logged in, even after reloading the page/list

Expected behavior
The user list should reliably reflect whether a user is logged in or not and the green check mark should disappear - on page reload - for users that have been logged out due to session expiration.

Screenshots

Release
3.6.0-SNAPSHOT

Additional context
This issue is related to #3169 and #4129 but describes a separate problem.