...
For the most part, this is probably a good behavior for it to have , -- an extra layer of security.
But if your website is behind a load-balancer and not properly configuredconfigured to use the actual client IP address instead of the load balancer IP address, there can be some unintended consequences. If the web server is sending SP sees the load-balancer 's IP to the SP instead of the clientbrowser's IP, then the SP session will reset whenever the load balancer's IP changes – e.g. . For example, when there are multiple load-balancers balancer nodes in the pool and the user's HTTP request comes in through a random onenode, then the SP session will reset once every few minutes. From the end-user's perspective, it looks like the session expired early and they have to log in again.
...