0.2.6 ----- * Add options to disable the login decorators. * if availabe, use X-Forwarded-For header instead of request.remote_addr for the session protectin id