Previously, when IP authentication was enabled, the user was logged in on every request. This caused the csrf token to change on every request, so all forms were failing because of an invalid csrf token. Now the user is only logged in if they weren't logged in previously.
Previously, when IP authentication was enabled, the user was logged in on every request. This caused the csrf token to change on every request, so all forms were failing because of an invalid csrf token. Now the user is only logged in if they weren't logged in previously.