Do not allow session ID reuse and clean up sessions for introducee
It was possible that a malicious introducer sends new request with the same session ID that was used previously and thus causing introducees to have multiple states for the same session ID. This commits prevents that from happening and adds an integration test for that scenario.
Also if an introducee removes an introducer, all past session states will be deleted from the database. For this, a test was added as well.
Closes #371 (closed) Closes #372 (closed)