Base sessions on UUIDs.

Now that a backfill has been applied, sessions can now be based on UUIDs
because all users will have one.

test/test_api_security.py

@@ -79,7 +79,7 @@ class ApiTestCase(unittest.TestCase):
       with client.session_transaction() as sess:
         if auth_username:
           loaded = model.get_user(auth_username)
-          sess['user_id'] = loaded.id
+          sess['user_id'] = loaded.uuid
           sess['login_time'] = datetime.datetime.now()
         sess[CSRF_TOKEN_KEY] = CSRF_TOKEN