I am just going to reply to this here if you don't mind. I have been on an old phpBB 3.0.x board that does not have ip session validation and it is a lot more active than phpBB.com. No one gets logged into anyone else's account or session nor was anyone hacked. All that has occurred is that users with rapidly changing ip addresses don't have problems.AmigoJack wrote: ↑Wed Oct 12, 2022 4:09 pmIf multiple sessions from the same IP address come in then they must be distinguished - especially when they're logged in. You don't want anyone to be logged in as someone else, hence "accounts". I was not talking about logins, only sessions.[Dimetrodon] wrote: ↑Wed Oct 12, 2022 2:28 pmYou said "whole point is to tell accounts apart" which is not what this is.
I don't need to use a proxy though. I'm surprised, but the "Remember me" checkbox seems to mitigate my problem, just making sure my browser accepts cookies as well.
I do still assert that phpBB's settings strike me as one of the most "harsh" (if that's the right word) on such enforcement.