Expire the session cookie if there previously is one (with valid token), but the data container is empty

[Ocramius]

The session cookie should be forcefully removed if:

• the client sent it previously
• the data in it (at the end of the request) is empty

[lcobucci]

Closed by #11