Fixes #5645: Fixes session undefined error when user has a default taxonomy set.
fixes #3914 - set current taxonomies on login from user defaults
fixes #4457 - Session fixation, new session IDs are not generated on login (CVE-2014-0090)
fixes #3930 - refactoring of edit_self implementation.
fixes #3280 - authenticate returns true for API requests when login:false
fixes #3312 - support /users/extlogin as a login page based on REMOTE_USER
fixes #2988 - merge authentication code, enables REMOTE_USER auth on new API controllers