CMS-11335 Make sure a new session is created after login
Avoid the possibility to exploit session fixation. After login, the session id needs to be renewed. There are some if/else conditions because when logging in into multiple webapps (cms and cms/console), it is not always possible to renew the session since you would then be logged out for the other app. Hence, the same credentials are allowed to login into a second app without session invalidation. On localhost we allow even different credentials to support being able to login into cms and cms/console during development with different credentials.
Showing with 39 additions and 8 deletions