[testlib] add convenience assertion method to check __message

[test] fix failure introduced by 1719eab69551: the regexp should be fixed, not the error message

[web test] fix test failures introduced by 7431:cab99ccdb774

backport stable changes

[ui message] fix regression introduced by 7429:ef5165fa99e0, leading to 'None' message displayed in the ui

backport stable changes

[json controller] fix .exception call msg format string (missing one slot)

[test] fix tests broken by 7427:5338d895b891

merge default heads

[ui messages, xss] Start migration towards use of _msgid instead of __message (prone to XSS injection) closes #1698245

backport stable

[ui messages] make application message component works when request has no cnx set and support for explicit message given through render argument

backport stable

[web session] fix session handling so we get a chance to have for instance the 'forgotpwd' feature working on a site where anonymous are not allowed fix several pbs: * we need a session id and a session cookie anyway, else subsequent http queries are unrelated * this imply some changes in the session attribution workflow for session without a cnx * some views/selectors must be fixed for cases where session has no cnx On the way, avoid unnecessary Redirect on successful login. closes #750543

[ajax js/css] modconcat fix: load code exactly once (auc, fcayre) * introduces cw.ajax namespace (currently hosts only recent modconcat functionality) * handle load-one/load-many-at-once edge case * properly handle already-loaded js resource * avoid .appendTo to trigger script evaluation since from jquery 1.5 this results in uncached ajax calls

[test] update test broken by previous commit