FYI...
We are experiencing the same issue:
1. We are NOT using OpenSEF, SEO, etc (Yet!)
2. We are NOT using the CBLogin 1.0, rather the Simple Machine Forums Bridge-Login Module. They're routines create smf user definitions on initial logins, persistent lifetime session cookies, etc....
Does anybody know if CBLogin would work the same w/ SMF Bridge 1.1.4? (In the new install README it states that it most likely will NOT work with any other login methods, etc)
3. I do believe the issue could have something to do with Session conflicts, or at least with the creation/expiration part of it. At one point, wish I had steps avail to replicate, no matter how many times I refreshed, etc. I got what was actually a 403 Forbidden, that "included an additional 404"? (Never seen this before?) It ultiimately took me closing/reopening my browser to get our site to resolve?
Anyway...seems like a permission issue (403 Forbidden), but I'm pretty stumped on my end.