Session is local to a tab session (not shared across tabs, not kept after a reload). This could be managed by storing the session in a short-lived temporary cookie (say for 15 minutes) so that if you don't logout, the session would be restored automatically within 15 minutes. Still, there Ampache API does not allow one to "revive" the session, which is a real problem.
Then, I would say it can be solved quite easily, but depends on #2.
Only with refreshing the page we have to authenticate again, it's kind of annoying :/ Same thing with duplicating a tab for example.