Can server-side caching misconfiguration lead to stolen logins?
If a webapp sends Cache-Control: private, it shouldn’t be cached, for example with nginx proxy_cache. What could happen if it was cached anyhow? Could another visitor see the personalized login of another user? Might another visitor then bei…