Reject invalid requests before creating sessions

[MartinLeidig]

Requests being obviously invalid should be rejected before running in session redirection handling and unncessarily creating sessions. A common example are requests caused by broken relative image links with a missing trailing slash which are interpreted relative to the servlet path and cause unnecessary session creation.

[MartinLeidig]

Added validateRequest() method to HttpRequestHandler? base class, which can be overridden and return an HTTP error code. The ContextHttpRequestHandler? implementation by default simply checks the page name and returns a 404 if it contains slashes.