Prevent session id from being exposed as get parameter
- update web.xml to java 7 ->3.1 schema
(from redmine: issue id 619, created on 2018-01-22tgradl, closed on 2018-01-24)
(from redmine: issue id 619, created on 2018-01-22tgradl, closed on 2018-01-24)