Include client IP address in encrypted cookie

[jlouvel]

Based on this discussion, it seems useful to include the client IP address in the encrypted cookie to prevent replay attacks from other clients who stole the cookie.
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=3060350

[ansell]

Doing that will break many different corporate and ISP setups, particularly NAT'ed users who are behind revolving proxies. Please do not enable it by default.

[jlouvel]

You're totally right Peter, thanks for the warning.