[web session] fix session handling so we get a chance to have for instance the 'forgotpwd' feature working on a site where anonymous are not allowed
fix several pbs:
* we need a session id and a session cookie anyway, else subsequent http queries are unrelated
* this imply some changes in the session attribution workflow for session without a cnx
* some views/selectors must be fixed for cases where session has no cnx
On the way, avoid unnecessary Redirect on successful login.
closes #750543
<div id="ajaxroot">
<div class="ajaxHtmlHead">
<script src="http://foo.js" type="text/javascript"> </script>
</div>
<h1>Hello</h1>
</div>