Would the fact that this forum is in http and not https have anything to do with it?
No, I don't think so, I manage several other phpBB forums, and they are all http
and never have encountered this,
This forum, though I am not a administrator,but I don't think there is anything
a admin could do anyway.
How ever , note in this FAQ, it does not say much, but it does not recommend
staying logged in, especially if it is a shared computer ,
http://forums.debian.net/faq.php When you stay logged in, even though you are not connected there is a much higher
chance somebody else could gain access via your account.
I also do not recommend using that feature, and staying logged in, actually on any forum or web site, even when it is https..
It is a "convenient" when one has several sites they are managing or administer, and does save a little bit of time when you check each one.
Even, when I logout , it is no big deal, the cache and "cookies" thing on my browser
remember my user name and password, all I need to do is connect, and click "login".
I am curious, about something,... Who is your internet provider ? (your ISP), ?