  1. Bitbucket Data Center
  2. BSERV-4797

Stash doesn't Respect "Require Consistent Client IP Address" Configuration

Details

    Description

      Steps to Reproduce:

      1. Set up Crowd SSO with JIRA and Stash
      2. Log in to Crowd to ensure that "Require Consistent Client IP Address" is enabled
      3. Log in to JIRA/Stash to ensure that SSO is working
      4. Open Firebug (Firefox) or Developer Tools (Chrome)
      5. Go to the cookies tab
      6. Take note of the crowd.token_key value
      7. Go to another machine
      8. Open Firefox or Chrome (do not open any application integrated with Crowd yet)
      9. Open Firebug or developer tools on the second machine
      10. Create a cookie
        1. Enter crowd.token_key as the cookie name
        2. Enter the domain of your instances into the host field
        3. Tick "Session" and "Http Only" options
        4. Enter the key value noted at step 6
      11. Access JIRA and Stash
      12. JIRA authentication will be rejected by Crowd as the token is used by another IP
      13. Stash authentication will be accepted by Crowd even when "Require Consistent Client IP Address" is enabled

      Expected Results:

      Crowd should reject the authentication from Stash when it is using a token key that was generated by a different IP, as described for when "Require Consistent Client IP Address" is enabled:

      Authenticated sessions can be tied to the IP address they were created from. This means that an attempt to use that session from another machine will fail, which will force mobile clients to reauthenticate when their IP address changes.

      This setting can be disabled to relax that requirement, so a session can be used from any IP address. Note that changing this setting will invalidate any existing sessions, so you will be logged out after making this change.

      Actual Results:

      Crowd rejects the authentication coming in from JIRA, which is the expected behaviour, but authenticates Stash successfully even when the token used by the second machine was generated by a different IP address.
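
The expected behaviour quoted above, as a minimal model (an added example, not Crowd's or Stash's code; the class, method names and addresses are hypothetical): a session is bound to the address it was created from, reuse from another address is rejected while the setting is on, and changing the setting invalidates existing sessions. The same check can serve as a regression test for each application integrated with SSO.

```python
import secrets


class SessionStore:
    """Toy model of an SSO token store with an IP-consistency setting."""

    def __init__(self, require_consistent_ip=True):
        self._require_consistent_ip = require_consistent_ip
        self._sessions = {}  # token -> IP address the session was created from

    def create(self, client_ip):
        """Issue a random token and remember the address that created it."""
        token = secrets.token_urlsafe(24)
        self._sessions[token] = client_ip
        return token

    def set_require_consistent_ip(self, enabled):
        """Changing the setting invalidates every existing session."""
        if enabled != self._require_consistent_ip:
            self._require_consistent_ip = enabled
            self._sessions.clear()

    def validate(self, token, client_ip):
        created_from = self._sessions.get(token)
        if created_from is None:
            return False  # unknown or invalidated token
        if self._require_consistent_ip and created_from != client_ip:
            return False  # token presented from a different address
        return True


def reuse_check(store, first_ip, second_ip):
    """Return (accepted from the creating IP, accepted from a second IP)."""
    token = store.create(first_ip)
    return store.validate(token, first_ip), store.validate(token, second_ip)


if __name__ == "__main__":
    # Constructed addresses from the documentation ranges.
    print(reuse_check(SessionStore(True), "192.0.2.10", "198.51.100.7"))
    print(reuse_check(SessionStore(False), "192.0.2.10", "198.51.100.7"))
```
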


            People

              jthomas@atlassian.com Justin Thomas
              scahyadiputra Septa Cahyadiputra (Inactive)