secure the global session cookie

the global session cookie currently contains the useres muid and can thus very easily be stolen. this needs to be fixed in private UserSession prepareUserSession(RequestParameters params); 
