X-Forwarded-For not taken into account
When using a proxy, with the useIP option enabled, the cookie uses not the actual client IP, but the IP of the last proxy. This has two bad consequences:
- two clients using the same proxy, or using a reverse proxy, will appear to make requests from the same IP, so stealing a cookie is much easier; it effectively makes the useIP option useless;
- when using more than one reverse proxy in a cluster, the sessions will be invalidated as the IP will dynamically change between requests, making authentication impossible while useIP is enabled.
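As an added illustration (not the project's code), the Python below resolves the address a useIP-style binding should use by consulting X-Forwarded-For only when the connecting peer is one of our own reverse proxies; the proxy range 10.0.0.0/24 and the client addresses are constructed. `demo()` reproduces both consequences from the report against a naive binding and shows the corrected result.

```python
import ipaddress

# Constructed example, not the project's code: our reverse-proxy tier is
# assumed to occupy 10.0.0.0/24; client addresses below are made up.
TRUSTED_PROXIES = {"10.0.0.0/24"}


def naive_binding(remote_addr, xff_header):
    """What the report describes: X-Forwarded-For is never consulted."""
    return remote_addr


def client_ip(remote_addr, xff_header, trusted_proxies=TRUSTED_PROXIES):
    """Address a useIP-style session binding should use.

    remote_addr is the TCP peer, which a client cannot forge; xff_header is
    the raw X-Forwarded-For value or None.  The header is honoured only when
    the peer is one of our proxies and is walked from the right, skipping our
    own hops, so a forged header from an outside peer is ignored and a chain
    of several proxies still resolves to the same client address.
    """
    nets = [ipaddress.ip_network(n) for n in trusted_proxies]

    def is_trusted(addr):
        try:
            return any(ipaddress.ip_address(addr) in n for n in nets)
        except ValueError:
            return False

    if not xff_header or not is_trusted(remote_addr):
        return remote_addr
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    for hop in reversed(hops):  # rightmost entry was appended last
        if not is_trusted(hop):
            try:
                ipaddress.ip_address(hop)  # a proxy sent junk: fall back
            except ValueError:
                return remote_addr
            return hop
    return remote_addr  # every hop is ours: request came from the proxy tier


def demo():
    """(naive_same, fixed_same, naive_stable, fixed_stable) for the two cases."""
    a, b = ("10.0.0.5", "203.0.113.10"), ("10.0.0.5", "203.0.113.20")
    r1, r2 = ("10.0.0.5", "203.0.113.10"), ("10.0.0.6", "203.0.113.10")
    return (
        naive_binding(*a) == naive_binding(*b),    # two clients, one proxy: collide
        client_ip(*a) == client_ip(*b),            # distinguished
        naive_binding(*r1) == naive_binding(*r2),  # one client, two proxies: unstable
        client_ip(*r1) == client_ip(*r2),          # stable
    )
```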