Change creation of HopSession cookie value

Only include one of either, IP forwarded by proxy or remote address

src/main/java/helma/servlet/AbstractServletClient.java

@@ -554,8 +554,13 @@ public abstract class AbstractServletClient extends HttpServlet {
             // If protected session cookies are enabled we also force a new session
             // if the existing session id doesn't match the client's ip address
             StringBuffer buffer = new StringBuffer();
+            String ip = request.getHeader("X-Forwarded-For");
+            if (ip != null && ip.length() != 0) {
+                addIPAddress(buffer, ip);
+            } else {
                 addIPAddress(buffer, request.getRemoteAddr());
-            addIPAddress(buffer, request.getHeader("X-Forwarded-For"));
+            }
+            // Not sure, if this line can be removed
             addIPAddress(buffer, request.getHeader("Client-ip"));
             if (reqtrans.getSession() == null || !reqtrans.getSession().startsWith(buffer.toString())) {
                 createSession(response, buffer.toString(), reqtrans, domain);