I installed the latest release mentioned in this thread on a fresh J! 1.0.11 install on my local dev server running PHP5.2.0. I had problems with getting a Javascript alert "Session expired" pop up when trying to register a new CB user.
I traced the problem to the spoof checking method in comprofiler.class.php: cbSpoofCheck(). In fact the problem isn't really in the spoof check per se but the suhosin hardening settings for PHP5. The trouble comes from the length of the spoof checking variable name that is put into the registration form. It's over 64 characters long and the default request varname length in the hardened PHP is 64! This means it never ends up in the $_POST structure, hence never validating the spoof method...
I guess it's not a problem right now since most people run this under PHP4 but once PHP5 becomes ubiquitous, this may be a problem if the default server values are unchanged.
I had to edit my php.ini and the suhosin.ini files to increase the request.max_varname_length. There are values for:
request.max_varname_length, get.max_varname_length and post.max_varname_length
Just thought I'd mention this for the devs to think about and if anyone else encounters this problem.
The thing that solved the problem was quite simple, but strange: I simply (and very crude) copied over all the files from the expert-folder, overwriting the original files. And voilá..! It works now!