Avoid creating excessive amounts of sessions.

Store the session cookie also when user is not logged in - just to keep
his session ID and not create a new session for each and every request.

Additionally use Ext.JSON instead of JSON.