> If you happen to type in a URL, they can revive your
> session from the cookie.  Pretty nifty trick.

This would seem to be a security hole to me.  URLs appear in the logs
of the server as well as any proxy servers along the way.  If the URL
contains reusable auth info, anybody accessing any of the logs could
gain access to customer accounts.

> to prevent proxy caches from caching personalized pages
> and serving them to the wrong end-user.

If you want to ensure privacy, use:

    $r->header_out('Cache-Control' => 'private');

If you want to turn off caching altogether, use:

    $r->header_out(Pragma => 'no-cache');

Rob
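
The log exposure described in the reply above can be limited by scrubbing session values out of access logs before they are retained or shared. This is an added example, not part of the original message; the parameter names and the log lines are constructed assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Query parameter names treated as carrying session/auth state.
# Assumed names for this example; substitute what your application emits.
my @SESSION_PARAMS = qw(session sid sessionid token);
my $PARAM_RE = join '|', map { quotemeta } @SESSION_PARAMS;

# Redact session values anywhere in a log line, so both the request URL
# and a Referer field that carries the same URL are covered.
# Returns the scrubbed line and the number of values redacted.
sub scrub_line {
    my ($line) = @_;
    my $hits = ($line =~ s/([?&;](?:$PARAM_RE)=)[^&;\s"]+/${1}REDACTED/gi) || 0;
    return ($line, $hits);
}

# Constructed sample lines in combined log format.
my @log = (
    '192.0.2.10 - - [10/Oct/2000:13:55:36 -0700] "GET /cart?session=8f3a91c2&item=4 HTTP/1.0" 200 2326 "-" "Mozilla/4.0"',
    '192.0.2.11 - - [10/Oct/2000:13:56:01 -0700] "GET /index.html HTTP/1.0" 200 1043 "http://shop.example/acct?sid=77be01" "Mozilla/4.0"',
    '192.0.2.12 - - [10/Oct/2000:13:56:40 -0700] "GET /help HTTP/1.0" 200 512 "-" "Mozilla/4.0"',
);

my $total = 0;
for my $entry (@log) {
    my ($clean, $hits) = scrub_line($entry);
    $total += $hits;
    print "$clean\n";
}
print STDERR "redacted $total session value(s)\n";
```

Scrubbing only covers logs you control; proxy logs along the way still record the original URL.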