Having my browser on a dual IPv4 + IPv6 stack causes spurious invalidation of session

A little now and then, I get sporadically kicked out from CCMS sites.

Today, I went looking at the log reports, and found this:

So, it appears that sometimes, my browser switches protocols, for unknown reasons.

Is there a way to disable this particular check? Otherwise, I suppose that the answer is to have my http server only respond on IPv4, which is a bit annoying but doable… but this behaviour isn’t exactly what I would call mobility friendly…

This can happen when you’re running sites behind something like Cloudflare. But also happens if you are on a network where your IP address can change.

Here’s instructions for the config option you can create to make Concrete not log users out on IP address change:

Your session has expired. Please sign in again - #7 by drbiskit}

If you are using Cloudflare though, it’s better to not adjust that setting, and instead set up the trusted proxies. In that case you’d search for ‘Trusted Proxes’ in the dashboard, paste in the two sets of IP addresses here: IP Ranges
and check the headers to be forwarded (I believe you’d check all except the last one)

Yeah, I just found that one, and it appears to be controllable through the Dashboard too:

My site isn’t behind cloudflare. However, my home network has both IPv4 and IPv6 (the latter is an IPv6 over IPv4 tunnel, courtesy of tunnelbroker.net)

Ah yep, I forgot that dashboard page existed!