add support for a private key with cflogin

Description

when loginstorage is set to "cookie" the cookie generated by cflogin is simply base64 encoded, when you decode the cookie you see the user and if you know an other user name you can change that cookie and try to access the site with an other user.
Lucee should have the (optinal) option to encrypt that cookie with a private key, so it cannot be read unless you have that key.

Environment

None

Assignee

Unassigned

Reporter

Michael Offner

Priority

Critical

Labels

Fix versions

Configure