actually isn’t this pretty bad, since it contains very sensitive authorization tokens?
anyway I had to log in again today. logged in, then went back (browser back) to the editor where I was trying to edit some stuff, and it logged me out. I found this request in the inspector:
request went out with new persistent token from logging in just now
old persistent token provided as response
and it said it was served from disk cache
isn’t that Date header that in the future 
(edit: nvm it’s almost a day in the past)
the result is this clobbers my new persistent token and causes me to get logged out again