Add help text for session's client address #2692
The auth framework does not support updating sessions beyond the last used timestamp.
Users might expect the address to change, but if we want to expose that we need to save this information separately in the future.
This change merely informs the user about this circumstance and makes the headers available internally for some optimization regarding session extension (less DB requests).
do not extend sessions for proxied requests (the initial request has already done that, reduces db traffic)