As noted in comment, it might occur that we receive a "sessioneid" from
a valid cookie while respective CWSession got dropped (typical case is
db being recreated while users got preserved). In such case, we just
recreate the CWSession entity as if it did not exist.