diff --git a/public/include/classes/user.class.php b/public/include/classes/user.class.php
index 8e4c0e70..bcac801c 100644
--- a/public/include/classes/user.class.php
+++ b/public/include/classes/user.class.php
@@ -814,10 +814,17 @@ class User extends Base {
 **/
 public function isAuthenticated($logout=true) {
 $this->debug->append("STA " . __METHOD__, 4);
- if (@$_SESSION['AUTHENTICATED'] == '1' &&
- !$this->isLocked($_SESSION['USERDATA']['id']) &&
- $this->getUserIp($_SESSION['USERDATA']['id']) == $_SERVER['REMOTE_ADDR']
+ if (!$this->config['strict']) {
+ if (@$_SESSION['AUTHENTICATED'] == true &&
+ !$this->isLocked($_SESSION['USERDATA']['id']) &&
+ $this->getUserIp($_SESSION['USERDATA']['id']) == $_SERVER['REMOTE_ADDR']
 ) return true;
+ } else {
+ if (@$_SESSION['AUTHENTICATED'] && $_SESSION['AUTHENTICATED'] == '1' &&
+ (!$this->isLocked($_SESSION['USERDATA']['id'])) &&
+ ($this->getUserIp($_SESSION['USERDATA']['id']) == $_SERVER['REMOTE_ADDR']))
+ return true;
+ }
 // Catchall
 if ($logout == true) $this->logoutUser($_SERVER['REQUEST_URI']);
 return false;
diff --git a/public/include/pages/account/edit.inc.php b/public/include/pages/account/edit.inc.php
index 87a9ff3d..6c728c0a 100644
--- a/public/include/pages/account/edit.inc.php
+++ b/public/include/pages/account/edit.inc.php
@@ -150,7 +150,7 @@ if ($user->isAuthenticated()) {
 // 2fa - one last time so we can sync with changes we made during this page
-if ($user->isAuthenticated() && $config['twofactor']['enabled']) {
+if ($config['twofactor']['enabled'] && $user->isAuthenticated()) {
 // set the token to be the old token, just in case an error occured
 $ea_token = (@$oldtoken_ea !== '') ? $oldtoken_ea : @$ea_token;
 $wf_token = (@$oldtoken_wf !== '') ? $oldtoken_wf : @$wf_token;
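Review bot: In `User::isAuthenticated()` (user.class.php) the non-strict branch relaxes the session test from `== '1'` to `== true`, so any truthy value in `$_SESSION['AUTHENTICATED']` passes, and since the selector is `if (!$this->config['strict'])`, a missing `strict` key also lands in that lenient branch. The strict branch still uses loose `==`, which `true`, `1` and `'1.0'` satisfy as well as `'1'`; if the login path stores the string `'1'` (not visible here), `$_SESSION['AUTHENTICATED'] === '1'` would make that branch strict in fact. Consider treating an unset key as strict, e.g. `if (isset($this->config['strict']) && !$this->config['strict']) {`. The lock and IP-binding checks are now duplicated in both branches and can drift apart; the function's closing brace is outside the hunk.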
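Review bot: In edit.inc.php the operand order of the rewritten condition is now load-bearing but undocumented: `isAuthenticated()` defaults to `$logout=true` and calls `logoutUser()` when the check fails, so putting `$config['twofactor']['enabled']` first is what keeps that side effect from running when 2FA is off. A comment above the line would stop a later cleanup from swapping the operands back, e.g. `// test the 2FA flag first: isAuthenticated() logs the user out on failure`. The `if` block's body continues past the end of the hunk.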