Remember me doesn't work when using IPv6

Hello,

I have noticed something that has been irking me for a while. After I got native IPv6 addresses delivered from my ISP (woo!), the Remember me functionality of the admin page hasn’t been working reliably. This is the case both for the login itself and 2FA prompt.

What I suspect is happening is that the IP address is a part of the remembered session, and when the IP address changes, the session expires. Now this is fine for IPv4 where changes isn’t very common, but for IPv6, where the default configuration is to generate temporary addresses for outbound requests now and then, it causes a problem. I think in this case it would be better to match the session against the whole /64 block. I don’t think this should have any major impact as it should usually be the same boundary that would share a external NAT IP for IPv4.

I have ipv6 (and [https://dash.cloudflare.com/cdn-cgi/trace](the diagnostics page confirms this)) and the ‘remember me’ functionality works for me. I believe it’s *only* cookie based, but I may be wrong about that.

Are you certain your ISP has assigned you only a /64? Some ISPs have assigned a /56 even for residential deployments.