RFC1 - Remove Unique User Identifiers from Service Urls

Currently, in CAS3, we remove the unique sessions identifiers associated with a Servlet session (i.e. jsession) from the Service Urls. However, this is not a formal part of the CAS specification, but is essential for validation to work. Therefore, I recommend that we amend the protocol to state that session identifiers (i.e. for PHP, Java, etc.) are removed when comparing service urls.