Version 0.1.1
---------------------------------------------------------------------------

* MellonSecureCookie option, which enables Secure + HttpOnly flags on
  session cookies.

* Better handling of logout request when the user is already logged out.


Version 0.1.0
---------------------------------------------------------------------------

* Better support for BSD.

* Support for setting an IdP CA certificate and SP certificate.

* Support for loading the private key during web server initialization.
  With this, the private key only needs to be readable by root. This
  requires a recent version of Lasso to work.

* Better DoS resistance, by only allocating a session when the user has
  authenticated with the IdP.

* Support for IdP initiated login. The MellonDefaultLoginPath option can
  be used to configure which page the user should land on after
  authentication.


Version 0.0.7
---------------------------------------------------------------------------

* Renamed the logout endpoint from "logoutRequest" to "logout".
  "logoutRequest" is now an alias for "logout", and may be removed in the
  future.

* Added SP initiated logout. To initiate a logout from the web site, link
  the user to the logout endpoint, with a ReturnTo parameter containing
  the URL the user should be redirected to after being logged out.
  Example URL:
    "https://www.example.com/secret/endpoint/logout
    ?ReturnTo=http://www.example.com/".
  (Note that this should be on a single line.)

* Fixed a memory leak on login.

* Increased maximum Lasso session size to 8192 from 3074. This allows us
  to handle users with more attributes.

* Fixed handling of multiple AttributeValue elements in response.