In the CmsSecurityValve clear up the jcr SSOSession after each call and login a new one for each new request

To make the CmsSecurityValve more robust, and make sure that the HttpSession binded jcr session cannot be out-of-sync (which we seemed to have in a clustered environment with concurrent copying hst config for same subsite), we need to logout the JCR session at the end, and login + refresh at the beginning (refresh just to make sure all latest changes from the repo has been synced in clustered env)