Also use cookie_key (generated by Authlogic based on the class name) instead of using the exact cookie name.
Normally persisting a user via a crowd token is not treated as an explicit login. Only logging in via username/password is considered an explicit login. The `explicit_login_from_crowd_token` session option (false by default) allows login via crowd token to be treated as an explicit login and trigger save callbacks.
The motivation for this refactor is to add a "crowd_auth_every" option that declares how often users should be re-authorized with Crowd. By default every request is re-authenticated. Adding crowd crowd_auth_every 10.minutes to your authlogic session class will cause authenticated users to be re-authenticated every 10 minutes. I also cleaned up some of the crowd_client stuff so that application tokens are reused as often as possible (thus reducing Crowd requests). This temporarily removes support for automatically creating Crowd users when new local users are added. This should be added back in a future commit.