Fixed bug where session.stop was not delegating at all times to the security manager (required for the security manager to clear out a cookie in web environments)