
Avoid accepting arbitrary sessionName adoption to continue webservice.

A sessionName from a request parameter should not be accepted as valid without a lookahead check comparing it against the current user.

File-based or external session handling configuration would get in the way of making such checks (as CRM uses apache-php session storage).

Until we find a way to check this firmly, we should disable extendsession from webservice.
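One shape the lookahead check described above could take with PHP's default file session handler, as an added example that is not the CRM's own code. It assumes the login code stores the owner's id in the session under a hypothetical key `authenticated_user_id` and that the caller's identity is established independently of the sessionName; the function names and sample users are constructed.

```php
<?php
declare(strict_types=1);

// CLI-friendly settings for the demo: no cookie headers, sessions in the temp dir.
ini_set('session.use_cookies', '0');
ini_set('session.save_path', sys_get_temp_dir());

/** Hypothetical login step: create a session bound to $userId, return its name. */
function createSessionFor(string $userId): string
{
    session_id(bin2hex(random_bytes(16)));
    session_start();
    $_SESSION['authenticated_user_id'] = $userId; // hypothetical key
    $name = session_id();
    session_write_close();
    return $name;
}

/** Adopt $sessionName only when it is already bound to $currentUserId. */
function adoptSessionForUser(string $sessionName, string $currentUserId): bool
{
    // Refuse malformed names before they ever reach session storage.
    if (!preg_match('/\A[a-f0-9]{32}\z/', $sessionName)) {
        return false;
    }
    session_id($sessionName);
    session_start();
    $owner = $_SESSION['authenticated_user_id'] ?? null;
    if (!is_string($owner)) {
        session_destroy();   // unknown name: do not leave a caller-chosen session behind
        return false;
    }
    if (!hash_equals($owner, $currentUserId)) {
        session_abort();     // another user's session: close it without modifying it
        return false;
    }
    return true;             // same user: the session stays open for the request
}

// Constructed sample run; output is printed only after all session calls.
$aliceSession = createSessionFor('user-alice');
$own = adoptSessionForUser($aliceSession, 'user-alice');
session_write_close();
$foreign = adoptSessionForUser($aliceSession, 'user-mallory');
$unknown = adoptSessionForUser(str_repeat('a', 32), 'user-mallory');
$badName = adoptSessionForUser('../etc/passwd', 'user-mallory');
var_dump($own, $foreign, $unknown, $badName);
```

With an external or custom session handler the same comparison has to be made against whatever that handler stores, which is the difficulty the note above points to.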