In case a postback results in calling z_auth:logon/2, we should not
rename the session if we have already sent a session cookie.
For properly detecting this, we need to store the `set_session_id`
flag in the session instead of in the context.
When the session cookie changes (e.g. when doing an inline login
without a page refresh), the WebSocket stream needs to be restarted to
pick up the new cookie, otherwise the stream keeps using the previous
cookie for subsequent messages.