Several parts of the application require access to the session data
fetched from the server when rendering. On first page load we don't have
this data (something we can fix in the future by inlining the data with
the viewer HTML) and this resulted in a race between the session data
load triggered by `checkAuthentication` (in config/identity.js) and the
query sent to the server by `WidgetController`, which needs to know the
current focused group id.

Fix this by ensuring that the first load of session data is complete
before switching views -- achieved by adding an item to the list of
dependencies passed to `$routeProvider`.

This works, but results in multiple requests for session data in quick
succession, because `checkAuthentication` runs while the view is
loading. To resolve this problem, we add a straightforward TTL check to
the `session.load()` method, and only make a new request if the data is
more than 5m old.

Session data will be overwritten as normal whenever session mutating
methods (`session.login()`, `session.logout()`) etc. are called.

Fixes #2590.