Just use the latest one (Authentication Server Time/IP based Session) from the ruleset library if you are on 184.108.40.206 or higher.
Background being the ruleset has evolved overtime and criterias have changed, the latest one is the best (the second one you mentioned sounds like the original).
In the latest one there is even a rule that allows you to only authenticate under ideal conditions so you dont have to redirect away from HTTPS sites (and potentially get a certificate error).
ok thanks Jon. Yes, the second one was from the xml file available for download.