Plone.session

------------------

- Avoid deprecation warning for the sha module in Python 2.6.
[hannosch]

- Declare test dependencies in an extra.
[hannosch]

- Specify package dependencies.
[hannosch]

- Fixed the remaining tests to work with the new keyring backend.
[hannosch]

- Fixed a component lookup call in the HashSession source.
[davisagli, hannosch]

- Update default (hash) session source to use plone.keyring to manage the secrets.
[wichert]

----------------

- Protect the setupSession call with the ManageUsers permission.
Fixes possible privilege escalation.
[maurits]

- Make the cookie lifetime configurable. Patch by Rok Garbas.
Fixes http://dev.plone.org/plone/ticket/7248
[wichert, garbas]

----------------

- Fix CSRF protection for managing server secrets via the Plone session
plugin for PAS. Fixes http://dev.plone.org/plone/ticket/8176
[witsch]

----------------

- Use the binascii base64 methods to encode/decode the session cookie. This
prevents newlines being inserted in long cookies.
[wichert]

----------------

- Use the userid instead of the login name in session identifiers. This has the
side-effect of working around a bug in PAS which caused us to mix up users when
the login name used was an inexact match for another login name.
[wichert]

----------------

- First stable release
[wichert]