Yes, I reported that problem some time ago and you already mentioned the problem back then and I totally agree it needs fixing. We can either have a user cookie and expire that one as well, or we just fix permission_p (or whatever you would like to fix in what variety).