
SSO: auth_pubtkt cookie refresh must work on POST requests too

In our current SSO implementation using auth_pubtkt, an auth token issued by Apache (auth_pubtkt module) is valid for 30 seconds, of which the last 5 seconds are considered to be a grace period when the client is supposed to refresh its cookie, i.e. obtain a new auth token. Unfortunately, this doesn't work with POST requests, as mentioned in auth_pubtkt's documentation.

This can be a problem for certain applications like TT-RSS where once the UI is loaded, every subsequent user interaction is a POST request to the backend. Currently, a TT-RSS user has to reload the application every 30 seconds to be able to use it, since all POST requests after 30 seconds will respond with the status 403.

We must have a workaround to mitigate this issue and have the affected apps like TT-RSS working again like before.
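The timing described above, modelled as an added example (not code from mod_auth_pubtkt or from this project): a ticket valid for 30 seconds with a 5-second grace window, where only GET requests trigger a refresh and any request after expiry gets the 403 reported in this issue. The function names, the user `alice` and the unsigned sample tickets are constructed for illustration; only the `uid`, `validuntil` and `graceperiod` fields are modelled and signature verification is left out.

```python
from dataclasses import dataclass

LIFETIME = 30  # seconds a ticket is valid (value from this issue)
GRACE = 5      # last seconds of the lifetime in which a refresh is due

@dataclass
class Ticket:
    uid: str
    validuntil: int   # absolute time after which the ticket is rejected
    graceperiod: int  # absolute time from which a refresh should happen

def issue(uid: str, now: int) -> str:
    """Build a constructed, unsigned ticket payload (a real one carries a sig field)."""
    return f"uid={uid};validuntil={now + LIFETIME};graceperiod={now + LIFETIME - GRACE}"

def parse_ticket(raw: str) -> Ticket:
    """Parse the semicolon-separated key=value payload of a ticket."""
    fields = dict(part.split("=", 1) for part in raw.split(";") if "=" in part)
    return Ticket(fields["uid"], int(fields["validuntil"]), int(fields["graceperiod"]))

def decide(ticket: Ticket, method: str, now: int) -> str:
    """Return 'ok', 'refresh' or '403' for one request, per the behaviour in this issue."""
    if now > ticket.validuntil:
        return "403"      # expired: the status this issue reports for POST requests
    if now >= ticket.graceperiod and method == "GET":
        return "refresh"  # only GET requests get sent off to obtain a new ticket
    return "ok"           # POST inside the grace window passes, but nothing is renewed

def replay(requests, uid="alice"):
    """Replay (seconds_since_login, method) pairs; a refresh issues a new ticket."""
    ticket = parse_ticket(issue(uid, 0))
    outcomes = []
    for now, method in requests:
        outcome = decide(ticket, method, now)
        if outcome == "refresh":
            ticket = parse_ticket(issue(uid, now))
        outcomes.append(outcome)
    return outcomes

if __name__ == "__main__":
    # A POST-only client (the TT-RSS pattern) never renews and is locked out.
    print(replay([(10, "POST"), (26, "POST"), (31, "POST")]))
    # A client that issues a GET inside the grace window keeps its session.
    print(replay([(10, "GET"), (26, "GET"), (31, "GET"), (50, "GET")]))
```
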