only use sessionId for logged in users
Fixes #35 (closed)
When not logged in, every request can return a different session id so it's impossible to match.
Fixes #35 (closed)
When not logged in, every request can return a different session id so it's impossible to match.