diff --git a/authcache.helpers.inc b/authcache.helpers.inc
index 3f33f15..8e1adca 100644
--- a/authcache.helpers.inc
+++ b/authcache.helpers.inc
@@ -5,6 +5,19 @@
  * Helper functions for the Authcache module (no Drupal hooks here).
  */
 
+/**
+ * Returns an array containing all the roles from account_roles that are not
+ * present in allowed_roles.
+ */
+function _authcache_diff_roles($account_roles, $allowed_roles) {
+  // Remove "authenticated user"-role from the account roles except when it is
+  // the only role on the account.
+  if (array_keys($account_roles) != array(DRUPAL_AUTHENTICATED_RID)) {
+    unset($account_roles[DRUPAL_AUTHENTICATED_RID]);
+  }
+
+  return array_diff_key($account_roles, $allowed_roles);
+}
 
 /**
  * Should the current page be cached?
@@ -161,13 +174,7 @@ function _authcache_is_account_cacheable($account = FALSE) {
   }
   // Logged-in
   elseif ($account->uid) {
-    unset($cache_roles[DRUPAL_ANONYMOUS_RID]);
-    $extra_roles = array_diff(array_keys($account->roles), $cache_roles);
-
-    // Admin selected a role, but did not selected "authenticated user"
-    if ($extra_roles && count($extra_roles) == 1 && count($account->roles) > 1 && $extra_roles[1] == DRUPAL_AUTHENTICATED_RID  ) {
-      return TRUE;
-    }
+    $extra_roles = _authcache_diff_roles($account->roles, $cache_roles);
 
     if (!empty($extra_roles)) {
       return FALSE;