Fixes #5645: Fixes session undefined error when user has a default taxonomy set.

fixes #3914 - set current taxonomies on login from user defaults

fixes #4457 - Session fixation, new session IDs are not generated on login (CVE-2014-0090)

fixes #3930 - refactoring of edit_self implementation.

fixes #3280 - authenticate returns true for API requests when login:false

fixes #3312 - support /users/extlogin as a login page based on REMOTE_USER

fixes #2988 - merge authentication code, enables REMOTE_USER auth on new API controllers