don't require auth_admin for inactive sessions

nobody noticed because polling is actually broken but this would cause erroneous auth dialogs when (e.g.) one is on a VT with a different user thereby causing the other session to be inactive and potentially throw up an auth dialog for no good reason