Add ratelimit #107
Description
In SessionManager.validateSession(): increase a counter of current requests (set a maximum per minute), if it exceeds maximum, block all requests from that session.
Because normally no one asks for a session two times, you could just do Thread.sleep(2s) when you create a session (to avoid attackers creating their own session over and over again, and resetting the counter).