I did some tracing aswell, and when sending an old LTPA token, it was said to be expired, but the WAS the coled the token and created a new (!!!)
Then HTTP 200 is returned.

some snips form the trace:

[7/28/09 13:43:09:172 CEST] 00000025 LTPAServerObj W SECJ0371W: Validation of the LTPA token failed because the token expired with the following info: Token expiration Date: Tue Jul 28 13:28:53 CEST 2009, current Date: Tue Jul 28 13:43:09 CEST 2009.
[7/28/09 13:43:09:394 CEST] 00000025 LTPAToken2 3 Expiration returned from expire field in token: Tue Jul 28 13:53:09 CEST 2009
[7/28/09 13:43:13:234 CEST] 0000001f AuthzPropToke 3 Expiration passed into cloned token: 1248781819700

and BTW: I'm running on Windows