Fetch session by request

Rather than using our silly GET argument session passing approach, it would probably be better to store the session ID generated after a successful OpenID login for a short while (perhaps in Redis), and allow a one-time retrieval from the client via the pre-generated key.
