Create an authorization session with a given idle-timeout and max-age expressed in seconds

Associates an :auth-session key to the request map an authorization cookie is passed in.  To set an authorization session, simply provide an :auth-session key in the response map (set to nil to delete).

An auth session is a map with at least the following keys:

  :csrf-token     - A token which can be placed in hidden form fields to thwart CSRF attacks

  :idle-timeout   - Maximum number of seconds the session can be idle (integer)

  :max-age        - Maximum number of seconds the session exist (integer)

  :last-access    - Date/time of last activity with session, expressed as milliseconds since the Unix epoch

  :created-at     - Date/time of session creation, expressed as milliseconds since the Unix epoch

  See the convenience function `make-auth-session` for making auth sessions.

For general information about HTTPS routes and development practices, see the README.