Anonymous flags use session_api AND a cookie

Flag allows anonymous flags using session_api. Very very good. This should mean session_api is fully and only responsible for storage. However, flag_flag::uses_anonymous_cookies() uses a different approach to see whether to use FlagCookieStorage (which sets a flags cookie).

Before:

  /**
   * Returns TRUE if this flag requires anonymous user cookies.
   */
  function uses_anonymous_cookies() {
    global $user;
    return $user->uid == 0 && variable_get('cache', 0);
  }

Fixed:

  /**
   * Returns TRUE if this flag requires anonymous user cookies.
   */
  function uses_anonymous_cookies() {
    global $user;
    return $user->uid == 0 && variable_get('cache', 0) && !module_exists('session_api');
  }

If session_api is enabled, don't use a cookie.