If you're branding every page served with the name of the logged
in user, you must prevent any shared cache from holding those
pages. There's nothing wrong however with the pages being
kept in a private cache such as the one your browser uses. You
can achieve this by sticking
ns_set put [ns_conn outputheaders] "Cache-Control"
"private"
ns_set put [ns_conn outputheaders] "Pragma" "no-cache"
in each page header, which at least tells sufficiently smart
browsers that they can cache the page, but tells shared caches
not to.
but there is no gurantee that the page will not be
cached at all
If a shared cache sees both
Pragma: no-cache and
Cache-Control: private and still caches the page, then it
is broken and nothing you can do on the web server will fix it. Tell
whoever is responsible to not use a broken cache.
furthermore this may actaully cause the web
application to load much slower
That's the price you pay for sticking the user's name on each
page. Either you accept that personalising every page breaks
cacheability, or you let cacheing happen and break the user
experience.
