Create proper anonymized copy of Session object

Changing the Session object the way it was done previously
interferes with the new caching mechanism. The objects are
now long-lived so any direct changes to it which are not
in the spirit of its use case have to be removed. In this
case, changing the creator information invalidated many
of the isCreator checks sprinkled through the code, as
the new creator's name would have been the string
"not visible to you."