Hi,
when disabeling or changing an ip range entry the associated entries in the session cache should be deleted. otherwise already ipAuth authenticated users are not "logged out" and could stay "logged in" although they shouldn't have access anymore.