Pretty obvious when I figured out what was happening, IPv6 privacy addresses aren’t really compatible with IP Session binding. As I discovered and was driven nuts by for a day or two after my ISP added v6 :) If you’re using v6 and seeing rapid session expiry, try disabling IP Session binding.

Consider this a RFE for IP Session binding on IPv4 addresses only. Maybe a second request for a loose form of IPv6 session binding to within the same network range (either /64 or user configurable?) to allow some restrictions on it? Not sure how feasible that would be, but it sounds like it could give us some reasonable v6 protections.

Thanks for reading,

-Darrell