When an invalid session ID is passed to PHP a warning is thrown, but the
session is still initialized with this invalid ID (throwing additional
warnings on save).

This makes sure such invalid IDs are removed from the cookie array
before initializing the session.

PHP bug references:

https://bugs.php.net/bug.php?id=68063
https://bugs.php.net/bug.php?id=73860