Elxis 5.6 automatically enforces selected password expiration policy. When a user login and has not changed his password for the configured period then Elxis displays him a special page to change his password. The change of the password is required and the user cannot escape this procedure. Also the password must meet the configured complexity pattern. For this feature it was required to develop a new exit page (like 403, 404, etc) called pwchange.

Also in Elxis 5.6: If you try to login 3 times without success Elxis locks your account temporary for 5 minutes. This feature implemented to prevent brute-force attacks (required by security standards).

Done. All modules in Elxis 5.6 have now an ID declared in their wrapper DIV element.
Example:
<div class="module" id="moduleX">
...
</div>

Where X is the module ID. So you can create links like href="#module14"

Attention: If you include the same module twice in the same page (eg in 2 module positions) you will end with duplicated IDs in the same page which is an HTML error.

Why do such a thing? An example from your Five template: frontpage slider. Imagine, in the Caption field for a slide, if I want to write "17th event" but I want the "th" to be superscript.

Elxis 5.6 request: Not sure if this is possible, but it would be useful to be able to give a module an ID in parameters, similar to how we can already apply classes.
e.g. for pages with internal anchor links, to enable internal navigation via anchor link to a module that appears on the page.

No, this has nothing to do with the URL. There is no such issue as the one you mention.

You have been stopped because the security token is wrong. This happens when you open simultaneously multiple edit pages. Only the last opened in legitimate. If you try to submit (save) a previous one the request will be dropped. This feature is in order to be protected against XSS attacks.