Change URI sub-path to be derived from company

Replaces the approach of having the session ID in the URI.

Also removes the need to have '?__action=root' from URL by using '__default'
action in erp.pm.

lib/LedgerSMB/Middleware/SessionStorage.pm

@@ -74,8 +74,8 @@ sub call {
             my $res = shift;
 
             if (! $self->inner_serialize) {
-                my $token = $env->{'lsmb.session'}->{token}  ?
-                    $env->{'lsmb.session'}->{token} . '/' : '';
+                my $token = $env->{'lsmb.session'}->{company_path}  ?
+                    $env->{'lsmb.session'}->{company_path} . '/' : '';
                 my $path  = $self->cookie_path
                     ? ($self->cookie_path . $token)
                     : LedgerSMB::PSGI::Util::cookie_path($env->{SCRIPT_NAME});

lib/LedgerSMB/Scripts/erp.pm

@@ -19,13 +19,13 @@ use strict;
 use warnings;
 
 
-=item root
+=item __default
 
 Displays the root document.
 
 =cut
 
-sub root {
+sub __default {
     my ($request) = @_;
 
     $request->{title} = "LedgerSMB $request->{version} -- ".

lib/LedgerSMB/Scripts/login.pm

@@ -19,6 +19,7 @@ use strict;
 use warnings;
 
 use HTTP::Status qw( HTTP_OK );
+use Digest::MD5 qw( md5_hex );
 use JSON::MaybeXS;
 
 use LedgerSMB::PSGI::Util;
@@ -86,10 +87,12 @@ sub authenticate {
         return $r;
     }
 
-    my $token = $request->{_req}->env->{'lsmb.session'}->{token};
+    $request->{_req}->env->{'lsmb.session'}->{company_path} =
+        md5_hex( $r->{company} );
+    my $token = $request->{_req}->env->{'lsmb.session'}->{company_path};
     return [ HTTP_OK,
              [ 'Content-Type' => 'application/json' ],
-             [ qq|{ "target":  "$token/erp.pl?__action=root" }| ]];
+             [ qq|{ "target":  "$token/erp.pl" }| ]];
 }