added ENV variable DB_SESSIONS to force dev server to use db instead of file store for sessions; moved _update_session_userid flag to top of block in cgiapp_prerun so only have to set it once for both new logins & re-authenication after timeout & removed it from _create_user_profile()}
git-svn-id: https://jti.org.uk/svn/hmds_lims/trunk@1153 4177bd82-f056-0410-812d-caef170e3fa0
