only create sid cookie at login if sid not already in cookies

[pascalmartin]

We Backport this fix IdentityServer/IdentityServer4#441 in IdentityServer3

Can we confirm is the right fix.

We have 2 application in same domain

www.domain.com => App1
www.domain.com/subapp => App2

Using the oidc-client.js with IdentityServer3, this setup not working when we activate monitorSession when second app is authenticate the other App refresh in loop.

[dnfclas]

Hi @pascalmartin, I'm your friendly neighborhood .NET Foundation Pull Request Bot (You can call me DNFBOT). Thanks for your contribution!

In order for us to evaluate and accept your PR, we ask that you sign a contribution license agreement. It's all electronic and will take just minutes. I promise there's no faxing. https://cla2.dotnetfoundation.org.

TTYL, DNFBOT;

[dnfclas]

@pascalmartin, Thanks for signing the contribution license agreement so quickly! Actual humans will now validate the agreement and then evaluate the PR.

Thanks, DNFBOT;

[pascalmartin]

@brockallen Do I need to create a issue for this PR?

[brockallen]

I've just not had a chance to look at it yet.

[brockallen]

Also, we don't take PRs on master -- can you resubmit against dev?

[pascalmartin]

Y resubmit on dev in this PR #3484

[brockallen]

thanks, i'll have a look when i can