Hi all,
I'd like to follow up Ham's question. Now, we're all trying to build beautiful, dynamic sites to be enjoyed by countless admirers around the world.
What if 2 or more such admirers are using the same HTTP proxy and trying to access www.ursite.com/myaccountinfo?
Assuming www.ursite.com/myaccountinfo is a typical dynamic ACS page and assuming that no special expires or pragma headers were set, could your typical proxy server (say Squid) cache said page and deliver the same version to all users?
I notice that Hotmail and even Yahoo embed a random string within their URLs, which I think is the session ID. I thought this was for browsers that don't support cookies. But is cache prevention another reason for this? Could the ACS RP be hacked to do something similar? Has anyone done this? Perhaps this could be a configurable parameter?
We've built several ACS sites and have never worried about this issue. However, with this project, it's definitely a problem. Has anyone run into anything similar? Is this of general concern?
Thanks!
Rob
