Following the recent AOL caching discussion, I started ponder what caching meant regarding my new development work. We are finally addressing the cf - spider issues by using a modified version of formurl2attributes. However, this now raises the greater likelihood of there being hijacked sessions. We have addressed this issue to some extent by comparing http-referer and remote ip address variables, but I definitely see the value in preventing proxy servers from caching dynamically created pages. So what is the best way to do that? I thought about using <cfhead name="Pragma" value="no-cache"> which should be a good directive to well-behaved proxy servers. However, I do want browsers to cache reused images for logos and rollovers and such and when I looked at Microsoft's site to see how I.E. treats caching issues, I read that Pragma:no-cache will prevent local browser caching. So is there a good way to prevent proxy servers from caching, but still let browsers cache? Reading the AOL webmaster page on caching, they also mention: Cache-Control: no-store User requested object from originating server Cache-Control: no-cache, no-store, private Originating server has requested no caching Can anyone tell me what the difference between these two are and if they would effect browser and proxy caching differently? I looked through the http 1.1 spec and could get a really solid grasp on caching and proxy vs. browser implementations. Thanks, Judah McAuley ------------------------------------------------------------------------------ Archives: http://www.eGroups.com/list/cf-talk To Unsubscribe visit http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or send a message to [EMAIL PROTECTED] with 'unsubscribe' in the body.