Nice work. I like the fact that even existing keys will be updated with device info — even without performing a new login, and without having to use "Remember Me" again — so long as we pass through session_create(). Meaning it's not going to happen "immediately" necessarily, but once your existing session lifetime expires & the existing autologon key needs to be used to create a new session, the device details get updated at that point even without "performing a new login."
This scenario had come to mind because I realized there were some minor edge cases where "the user agent identification string isn't necessarily going to remain the same." Although normally we would expect "the autologon cookie should always be used/sent by the same device and user agent", entering into the F12 Developer tools can end up changing your user agent identification string due to the device emulation in effect. As such, the user agent string is now different. Even though "the persisted cookies sent when accessing this site" remain exactly the same, including the autologon cookie.
So I just wanted to be sure that "SessionKeys isn't going to forever persist Linux or iOS as my platform" just because I happened to login or re-create my session while under F12 on my Windows PC. And in my opinion, the current logic already handles this well enough. The "wrong" information might be shown for the duration of the current phpBB session lifetime, but as soon as a new session needs to be created, whatever user agent string is in effect at that point will be updated in the device info. That's plenty frequent enough, to me.