Got the error "Invalid remember-me token (Series/token) mismatch. Implies previous cookie theft attack." Is the session token tied to the IP? I may have logged in at home when on VPN- that is the only thing I can think of that may be related. However, I've logged in/out with previous versions of Stash without problem. And I'm 99% sure that I've not suffered a cookie theft attack. Is there a related bug in Spring Security that Stash v2.8.1 is using? (I think that is where error is coming from at least, and we upgraded about 3 weeks ago.)