On Sun, 17 Aug 2003 16:20:47 +0200, in cf-talk you wrote: >Jamie Jackson wrote: > >> I'm using session cookies to store CFID and CFTOKEN. >> >> Concern: >> If there's no user-distinguishing cfid/cftoken in the URL, isn't a >> page in danger of being cached (since the URL is no longer unique), >> and then getting served to a user in a different session? (When I >> write "cached" I mean cached by an ISP's or network's caching server, >> *not* by the client or by CF server.) > >RFC 2965, section 3.2.3 > >Jochem
Thanks for the pointer. Unfortunately, you've made me realize how weak my knowledge of HTTP headers is, and this is all Geek to me. ;-) Can anyone tell me: 1. Do I need to worry about caching when using cookies to store session info (see above for detail). 2. If I do need to worry about it, how do I prevent caching, or how do I make sure the cached page is only served to the person with the appropriate cookie? Right now, this is what I'm using, which is probably overkill: <CFHEADER NAME="Expires" VALUE="Mon, 06 Jan 1990 00:00:01 GMT"> <CFHEADER NAME="Pragma" VALUE="no-cache"> <CFHEADER NAME="cache-control" VALUE="no-cache"> I was just looking at the logs, and I see that the server gets hit for every dependency (images, css, js, etc.), on every request. This is pretty hideous. :( Any help is appreciated. Thanks, Jamie ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/lists.cfm?link=t:4 Subscription: http://www.houseoffusion.com/lists.cfm?link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4 Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
