Updated session middleware to allow session cookie attributes. Also f… …

…ixed a bug in session middleware that would clobber response cookies. Added tests for both to session_test.clj.