Make User checks optional and fix a problem posting to Django when CSRF is in use

[awk]

If SCAuthUserCheckURL is set to 'disabled' do not perform the GET to check for a valid user. This effectively disables the register during logon behaviour for new users.

If a 'csrftoken' cookie is present supply its value in the X-CSRFToken header for POSTs made during login. This fixes a problem in DJango when the CSRF middleware is enabled and allows the posted to JSON data to be handled correctly.