Tries to find a session for the given request. The session-ID will be
searched in the cookie header of the request, and in the request query
string. If both values are present, the value in the query string takes
precedence. If no session id is found, a new one is created and assigned
to the request.