Merge r1772812, r1772813 from trunk:

      mod_session_crypto: Authenticate the session data/cookie with a MAC (SipHash)
to prevent deciphering or tampering with a padding oracle attack.



mod_session_crypto: follow up to r1772812: CHANGES entry.
Submitted by: ylavic
Reviewed/backported by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772925 13f79535-47bb-0310-9956-ffa450edef68