Allow cookie names to be configurable
In order to improve security it would be beneficial to change cookie names from const to a configurable option. It would help mask the presence of service stack and improve security in accordance with OWASP recommendations - https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Session_ID_Name_Fingerprinting

-
Danny commented
My reason for needing this is that if you have a servicestack site at domain.com, and another one at api.domain.com, the cookies will fight with each other. In Chrome the cookies stay separate, but in IE the cookies will be shared even though no domain is specified on the cooke. I know this to be the case because we had this working fine in Chrome but accessing the system in IE caused each site to log the other one out repeatedly. A discussion on this point and a test script to demonstrate can be found here : https://stackoverflow.com/questions/18492576/share-cookie-between-subdomain-and-domain/44342126#44342126