To prevent misuse of session cookies, users are usually required to re-authenticate in the Bitbucket UI if a subsequent request comes from a different IP address. However, in some cases, customers may not be able to control the source IPs of their users, and can change frequently. To resolve this, Bitbucket should provide a feature that allows users to whitelist a range of IP addresses. If a user's IP changes but remains within this whitelisted range, the session should continue without the need for re-authentication.