Plone.session

------------------

- Make sure to load the right meta ZCML.
[hannosch]

- Avoid deprecation warnings under Zope 2.13.
[hannosch]

- Removed dependency on GPL licensed Products.PloneTestCase.
[hannosch]

------------------

- Make the ``secure`` option of cookies configurable. This allows to restrict
cookies to HTTPS connections alone. This closes
http://dev.plone.org/plone/ticket/7897.
[pfurman, hannosch]

- Use the standard libraries doctest module, instead of the deprecated one
from zope.testing.
[hannosch]

- Marked the session cookie as ``HTTPOnly``.
[hannosch]

- PEP8 cleanup.
[hannosch]

- Relicense as BSD following PF Board decision.
http://lists.plone.org/pipermail/membership/2010-April/001123.html
[elro]

------------------

- Example IIS login form and documentation. This builds on work by Hanno and I
at Jarn for Centrepoint.
[elro]

- Support authentication by an external form, perhaps one running on an IIS
server with Integrated Windows Authentication.
[elro]

------------------

- Prefix setupSession with underscore, the method should be unavailable TTW.
[elro]

- Catch a ComponentLookupError in authenticateCredentials.
[elro]

------------------

- Add back the hash management UI with added functionality to set shared
secret.
[elro]

- Add properties for cookie domain and ticket validity timeout.
[elro]

- Use mod_auth_tkt format cookies to give us a session validity timeout.
By default we use a more secure HMAC SHA-256 hashing scheme. An MD5 based
scheme compatible with other mod_auth_tkt implementations is optional.
[elro]

- Remove the source component indirection.
[elro]

------------------

- Remove hash management UI which had been accidentally re-merged.
[davisagli]