expressjs / csurf

CSRF token middleware
MIT License
2.3k stars 216 forks

added expiry functionality #159

Closed x24git closed 5 years ago

x24git commented 5 years ago

Added in functionality that allows for the read-in of the "max age" option for a cookie (if being created with cookies, not sessions). If the cookie is expired, then we will reject the token. Puts up a minor defence against storing cookies and tokens and replaying them days later.

Rather than store cookies in a database, we can simply append the expiry time to the cookie and obfuscate the value so it's not completely obvious what it represents. We can then generate the XSRF token like normal. When checking the cookie (secret) we decode the time and compare it to the current time to determine if it has expired.

Was thinking that rather than automatically enabling this feature if a user sets the MaxAge property on a cookie, it may be prudent to add a separate options flag. I am open to any suggestions on how to improve this functionality.

Thank you for your time and consideration

x24git commented 5 years ago

Revised branch structure. Will recreate request