Our releases published to Packagist use version numbers with a
"v"-prefix, e.g. "v1.18.7".

The build-release script overwrites this with a version number without
the "v"-prefix, e.g. "1.18.7".

The result of this is that the composer.json in our release tar-files
does not match the composer.lock file in the repository nor the
composer.json that Packagist looks at.

Fix this by prepending a "v" to the version number when updating
composer.json.

eduPerson recommends: 'Multiple "@" signs are not recommended, but in any case,
the first occurrence of the "@" sign starting from the left is to be taken as
the delimiter between components. Thus, user identifier is to the left,
security domain to the right of the first "@".'

Closes #236

This would otherwise terminate win an error because checkURLAllowed
does not accept a null parameter.

Currently the remember me functionality does not work correctly and using it results in severable undefined index errors as the expire cookie parameter is passed along the SessionHandlerPHP which does not accept this one. Using lifetime instead of expire, effectively doing the same thing, this can be fixed in a pretty simple way. Next to that the params given to the session handler are merged with the current ones before given to the session handler instead of after.