Vaadin Framework version: 8, all versions

There is a major error in the class com.vaadin.server.VaadinSession (and possibly other classes too, if this is some kind of cargo cult programming in the Vaadin team)

Most public methods in the class use assertions to "check" if the session has the lock. This is fundamentally wrong. Assertions are the wrong tool to check preconditions in public meth

The reinitializeSession is a helper that the application can use to change the user's session id in order to protect against session fixation attacks. It works by extracting all contents of the old session, invalidating it and then populating the original content into a new session.

This whole procedure is redundant as of Servlet 3.1 which introduced the servletRequest.changeSessionId() met

Describe the bug
Running a simple, valid program in the JS.do example website may lead to a valid script terminating.

Error message is:
`Operation """": no method found, argument in overloaded package WebPerl::JSObject.
exit(255) called, but NO_EXIT_RUNTIME is set, so halting execution but not exiting the runtime or preventing further async execution (build with NO_EXIT_RUNTIME=0, if you