Don't return true from IsAuthenticated() on the first API access with…

[watercraft]

… an expired session

This change is needed to avoid returning true from IsAuthenticated() on the first API access after a session is expired.
This was tested using yosssi/boltstore for session cookies, which correctly return the flag IsNew true from New() for an expired session.
However, it takes another round of middleware access for IsAuthenticated() to fail with the code before this change.
#22

[watercraft]

I question the results from Wercker.
First it is using go-1.2 while most work that I've seen is at least up to go-1.6.
I pulled in both sessionauth and graybird/redigo/redis that it is complaining about and they both compile for me on go-1.6.
Clearly if graybird/redigo/redis doesn't support go-1.2 and this package depends on graybird/redigo/redis directly or indirectly, than sessionauth can't support go-1.2 either.
Can you change the Wercker configuration to a go version that graybird/redigo/redis supports?