No longer remove an incoming _sessionId; also, slight simplication of

the code that skips over _method removal.

@@ -152,10 +152,9 @@ public class DirectControlServlet extends HttpServlet {
             for (Enumeration<String> params = request.getParameterNames(); params.hasMoreElements();) {
             for (Enumeration<String> params = request.getParameterNames(); params.hasMoreElements();) {
                 String param = params.nextElement();
                 String param = params.nextElement();
                 Object[] values = request.getParameterValues(param);
                 Object[] values = request.getParameterValues(param);
-                if (!"sessionId".equals(param) && !"_method".equals(param)) {
                 context.put(param, values.length == 1 ? values[0] : values);
                 context.put(param, values.length == 1 ? values[0] : values);
             }
             }
-            }
+            context.remove("_method");
 
 
             if ("application/json".equals(contentType)) {
             if ("application/json".equals(contentType)) {
                 // Read request body as JSON and insert into the context
                 // Read request body as JSON and insert into the context