Amos Jeffries wrote:
With squid its better to pass [the session id] as a cookie (which apparently gets
stripped from any cached objects).
Not so sure about that. If you use URL rewriting, an URL like
http://x.y/app/showUserProfile;jsessionid=NNNN
works fine for several users, because they are distinguished by their
jsessionid. If the jsessionid is passed in a cookie instead, all users
fetch the same URL
http://x.y/app/showUserProfile
and might end up seeing each other's profiles when squid caches this URL.
Regards,
Oliver Schoett