added ENV variable DB_SESSIONS to force dev server to use db instead of file store for sessions; moved _update_session_userid flag to top of block in cgiapp_prerun so only have to set it once for both new logins & re-authenication after timeout & removed it from _create_user_profile()
set flag in cgiapp_prerun() to update sessions.userid on re-authentication after a session timeout, as session is deleted & re-created (without userid) - still needs more worksvk_diff
patched C::Resources::active_sessions() again to use CAP::Authen method of calculating expired sessions, not CGI::Session etime (ie 86400 seconds for all users)
patched C::Resources::active_sessions() to use 4th parameter to args to CGI::Session::load() to avoid updating session atime which acts as keep-alive for all sessions - REQUIRES CGI::Session VERSION >4.40
moved login.tt from site to login/default.tt; used authen->is_new_login to redirect to C::Login::hello(); moved code to generate new diagnosis list from LIMS::_create_user_profile() to C::Login::hello(); new db table user_message + DB class
moved file upload handing from L::Local::Utils::unzip_file() to C::Roles::DataFile::process_file_upload(); C::DataImport::bcr_abl() can process zip or xls file; completed data parsing by C::DataImport::bcr_abl()
