Updates for session fixation attacks (wincent.dev, ba7907d)

I've made the authentication mechanism even more secure against session fixation attacks by adding another couple of layers of "defense in depth".

Signed-off-by: Greg Hurrell <greg@hurrell.net>