Django-cookieless

Latest version: v1.2


Page 2 of 2

0.6

------------------------

- Never use the cookie for session for decorated views since it may break sessions passed by cookieless means

0.5

------------------------

- Only rewrite redirect URLs if USE_GET is True and it's the same domain

0.4

-----------------------

- Fix issue of not having no_cookies to test in process_request by getting it from urlresolvers. Now we only check for cookie session where we should, and cookies cannot mess with cookieless sessions
- Make the deletion of any cookies that are passed on to the URL an optional feature
- Use settings.TESTING based on argv to disable, instead of checking for servername

0.3

-----------------------

- Turn off cookieless for django test browser - since it's hard coded to use dummy sessions if an alternative session provider is in use - otherwise cookieless could break other packages' tests
- Add server name switch to re-enable test browser for cookieless functional tests
- Change anon user switch to be NO_COOKIE_PERSIST - i.e. never use cookie originated sessions - move to process_response
- Make session use cookieless post / get first over cookies, if present
- Delete request cookies if found in response
- Refactor settings to a dictionary
- Add some tests
- Move fix for non-unicode key to the decrypt method

[Ed Crewe]

0.2

-----------------------

- Add COOKIELESS_ANON_ONLY setting to not use cookieless if a user is authorised
- Update example settings
- Add test suite
- Don't assume request META keys exist so OK with test client etc.
- Fix session decrypt with wrong secret - generates non-unicode key bug rather than new session
- Add SPECIFIC_URL option for extra security for sessions

[Ed Crewe]

0.1

-----------------------

* Initial release

- Django snippets - http://djangosnippets.org/snippets/1540/ - Basis of middleware
- Add simple crypt of sessionid when used in HTML
- Call standard contrib.sessions.Session if not decorated as no_cookies
- Add CSRF exempt decorator too to ensure cookie not set by that
- Add templatetags for users who prefer manual adding of session ids
- Add settings options to configure level of security applied, e.g. whitelist of referers, no URL rewriting etc.

[Ed Crewe, julio carlos and Ivscar (snippet), Paul Chakravarti (xteacrypt)]
