Hi, we are facing same problem, when open website link, session will auto revoke . Before this we are using version 11 and never had this issue. After upgrading to the latest v13 master ((erpnext)13.10.2 | (frappe)13.0.0), we encounter the exact problem as what TS mentioned .
There is a GitHub issue raised by somebody else but he was on the v12 version .
IP access is working fine, so i guess disabling the Cloudflare will be ok as well. The problem is, I have several others droplet running with v11 and mapped to Cloudflare and don’t have this issue at all.