bug 1176: Avoid unsetting the CSRF Hashes from the session when doing cert login