Visiting http://awards.tweakers.net logs you out on tweakers.net
The ruleset for *.tweakers.net doesn't enforce https for the subdomain awards.tweakers.net. Combined with the securecookie rule this causes the session-id cookie to be overwritten with a new one for a not-logged-in session.
It probably is best to just be less specific wrt subdomains:
Also the exclusion rule for crossdomain.xml might not be necessary anymore, but I haven't checked that yet.
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information