allow negative max_age

[craff]

Negative or null max_age is the recommended way to erase a cookie on the client (or expires in the past). It is not currently accepted.

You should either allow this or provide a "remove" function that would only keep the key and put a negative max_age.

A PR is coming with the second solution as I need it.

[bikallem]

Fixed by #8