Tuesday, 19 June 2007

Feature: “Remember me” persistent login

The initial implementation of ``Remember me'' is now in place. The sign in form now includes a checkbox which selects ``Remember me'' mode, which (unless the user is logging into a read-only account) drops a cookie in the user's browser and stores a corresponding token in the ``{\tt RememberMe}'' directory recording the user name, time of creation, and time of expiry. When about to display the sign in form, we check whether the browser sent a persistent login cookie. If so, and a token is stored with its code, we automatically sign in the user and proceed to the monthly log page without the need to enter a user name or password. When a sign in via cookie is performed, the cookie used is revoked and a new cookie is assigned. Thus only the most recently issued cookie is valid; a previously intercepted and stored cookie is useless.

A sign out takes the user to a sign in page via a special ``{\tt newlogin}'' transaction which bypasses the automatic cookie login. This allows the user to uncheck ``Remember me'' and revoke the cookie (for this browser).

When logged in via a cookie, the ``Settings'' page is inaccessible. This keeps a user who somehow manages to hijack a cookie from changing the user's password or disclosing identity information. A user who has logged in with a cookie can log out, log back in with their user name and password, and then access the settings page.

A new ``Forget persistent logins'' item in the Utilities page permits a user to delete all stored ``Remember me'' tokens. This will invalidate all cookies stored in browsers for this user.

A new administrator ``Manage persistent logins'' page shows all persistent login tokens. The administrator can delete any persistent login token by checking it and pressing the ``Delete'' button, specifying the administrator's password.
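The token handling described above (issue on sign in, rotate on every cookie sign in, ``Forget persistent logins'' for the user, a listing for the administrator, and a cookie-only session that is barred from ``Settings'') is sketched below as an added example. It is not code from the original program: the in-memory store, the SHA-256 hashing of cookie values before they are stored (so a copy of the token directory does not yield usable cookies), the 30-day lifetime and the injectable clock are all assumptions made for the illustration, and password checking is assumed to have happened before `sign_in_with_password` is called.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass


@dataclass
class Token:
    # What the page says each stored token records.
    user: str
    created: float
    expires: float


@dataclass
class Session:
    user: str
    via_cookie: bool  # recorded in the login history, and gates Settings

    def can_access_settings(self):
        # A cookie-only session may not change password or identity data.
        return not self.via_cookie


class RememberMeStore:
    """Stand-in for the RememberMe token directory (assumption: in memory).

    Tokens are keyed by SHA-256 of the cookie value (assumption), so the
    store never holds a value that could be pasted straight into a browser.
    """

    def __init__(self, lifetime=30 * 24 * 3600, clock=time.time):
        self.lifetime = lifetime  # assumed 30-day default
        self.clock = clock        # injectable for deterministic tests
        self.tokens = {}          # key -> Token

    @staticmethod
    def _key(cookie):
        return hashlib.sha256(cookie.encode()).hexdigest()

    def issue(self, user):
        """Create a fresh random cookie and store its token."""
        cookie = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        now = self.clock()
        self.tokens[self._key(cookie)] = Token(user, now, now + self.lifetime)
        return cookie

    def redeem(self, cookie):
        """Sign in via cookie: returns (user, new_cookie) or None.

        The presented cookie is removed whether or not it is accepted, so a
        replayed copy of an already-used cookie is useless (the rotation the
        page describes); an expired token is simply dropped.
        """
        tok = self.tokens.pop(self._key(cookie), None)
        if tok is None or self.clock() >= tok.expires:
            return None
        return tok.user, self.issue(tok.user)

    def revoke(self, cookie):
        """Unchecking 'Remember me' on sign out revokes this browser's cookie."""
        return self.tokens.pop(self._key(cookie), None) is not None

    def forget_user(self, user):
        """'Forget persistent logins': delete every token for this user."""
        doomed = [k for k, t in self.tokens.items() if t.user == user]
        for k in doomed:
            del self.tokens[k]
        return len(doomed)

    def list_tokens(self):
        """Administrator's 'Manage persistent logins' view (no cookie values)."""
        return sorted((t.user, t.created, t.expires) for t in self.tokens.values())


def sign_in_with_password(store, user, remember, read_only=False):
    """Password already verified (assumption). Read-only accounts get no cookie."""
    cookie = store.issue(user) if remember and not read_only else None
    return Session(user, via_cookie=False), cookie


def sign_in_with_cookie(store, cookie):
    """Automatic sign in from the persistent cookie, or (None, None)."""
    result = store.redeem(cookie)
    if result is None:
        return None, None
    user, new_cookie = result
    return Session(user, via_cookie=True), new_cookie


if __name__ == "__main__":
    store = RememberMeStore()
    _, c1 = sign_in_with_password(store, "alice", remember=True)
    sess, c2 = sign_in_with_cookie(store, c1)
    print("cookie sign in as", sess.user, "settings allowed:", sess.can_access_settings())
    print("replay of old cookie accepted:", sign_in_with_cookie(store, c1)[0] is not None)
    print("tokens forgotten:", store.forget_user("alice"))
```

The point worth noting in `redeem` is that the old key is popped before anything else happens, so the window in which two copies of the same cookie are both valid is zero; the `via_cookie` flag on the session is what makes the Settings page refuse a hijacked-cookie login even though the user is otherwise signed in.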

Added fields to the login history record to indicate whether the session is on a handheld device and if the login was done via a cookie.
