#18 security / session spoofing

[Anonymous]

When using a proxy web server for the client, all
remote IPs appear the same to the server. This allows
someone to spoof a session very easily(confirmed).
Please find another way to authenticate a session
(client-side cookies?).

Also, can the time-out on a session be configurable
(even just a Makefile variable would be good).