Darren,
Try looking at what IE does around the cutoff point.
I'm not sure how well browers (and proxy caches) follow cache control
directives - I can't see anything wrong with your headers.
I don't know if there are any FAQs etc on this subject. Certainly I've
seen bad things happen with cookie expiry times on IE (similarly, if
cookies are set to expire "fairly soon", they tend to get chucked away
if users have incorrect time zone/time settings), and most sites seem to
use cookies that expire a Long Way into the future. Which is pretty
fishy.
This is arguably OT, but since cache control is related to performance,
and to making cookie-based authentication work properly, it seems pretty
relevant.
Cheers
--
Tim Sweetman
