auth: remove username from AuthUser session cookie There's no reason to store the username when we store the user ID. We have load the user from database anyway under all circumstances, to verify e.g. that the user is (still) active. This does not impact application code, but does impact a number of test cases which explicitly checks the username stored in the session.