Bug: Warning for transactions with no session identifier

If a transaction request which assumes an active session was sent with no session identifier at all, a harmless ``uninitialised variable'' warning was issued. I fixed it to set the session ID to the null string in this case. The invalid session warning will continue to appear in the HTTP error log, but the Perl warnings which preceded it have now been banished.