Changelog
=========

0.2 - 6th November 2012
-----------------------

- Add COOKIELESS_ANON_ONLY setting to not use cookieless if a user is authorised
- Update example settings
- Add test suite
- Don't assume request META keys exist so OK with test client etc.
- Fix session decrypt with wrong secret - generates non-unicode key bug 
  rather than new session
- Add SPECIFIC_URL option for extra security for sessions

0.1 - 4th November 2012
-----------------------

* Initial release

- Django snippets - 
  http://djangosnippets.org/snippets/1540/
  Basis of middleware
- Add simple crypt of sessionid when used in HTML
- Call standard contrib.sessions.Session if not decorated as no_cookies
- Add CSRF exempt decorator too to ensure cookie not set by that
- Add templatetags for users who prefer manual adding of session ids
- Add settings options to configure level of security applied, 
  e.g. whitelist of referers, no URL rewriting etc.

  Ed Crewe, julio carlos and Ivscar (snippet), Paul Chakravarti (xteacrypt)
