CVE-2013-2249 mod_session_dbd: Make sure that dirty flag is respected when saving sessions, and ensure the session ID is changed each time the session changes.

mod_session: Use apr_status_t as a return code across the mod_session API, clarify where we ignore errors and why.

Remove some more now redundant log prefixes

break some very long lines, no code change

Use the new APLOG_USE_MODULE/AP_DECLARE_MODULE macros everywhere to take advantage of per-module loglevels

Make sure we respect the proper pool lifetimes when saving away a preparsed session.

mod_session_cookie, mod_session_dbd: Make sure cookies are set both within the output headers and error output headers, so that the session is maintained across redirects.

mod_session_cookie: Make sure that cookie attributes are correctly included in the blank cookie when cookies are removed. This fixes an inability to log out when using mod_auth_form.

You don't export registered entry points

Fix the method used to detect the root of the request tree when subrequests are present.

Change the directives within the mod_session* modules to be valid both inside and outside the location/directory sections, as suggested by wrowe.

Insert prototypes to remove compiler warnings. [Joe Orton]

Remove all references to CORE_PRIVATE.

mod_session_cookie: Add a session implementation capable of storing session information within cookies on the browser. Useful for high volume sites where server bound sessions are too resource intensive.