I have a question regarding whether incorrectly configured proxy/cache servers might be the cause of an odd problem I have seen in my web application.
The application is LAMP based, and run off a single host, and the service is used from a number of different countries. Sessions are used to manage user interactions.
While this application has worked well for a number of years (with several tens of thousands of users), I am frustrated by the occasional rare report where one user states they see a page that should be for another user (the other user's name appears in the "you are logged in as" prompt).
Although very rare, what is consistent about these reports is that the users are in a shared computer lab environment (for example a library or a school network) where multiple people are using the tool simultaneously. I imagine that these environments use proxy/cache servers. The web application sends all the appropriate Cache-Control headers to tell the proxy server not to cache any of the pages.
One possible scenario I can imagine which might cause the reported problem would be if one user makes a request via the proxy (along with their session cookie) for a particular URL and gets back their page which is also cached by the proxy. Another user makes a request for the same URL, but despite the fact their cookie information corresponds to a different session, the user gets the cached page back from the proxy (with the incorrect user information). Does this sound plausible?
If it is plausible, because I have no control over the proxy configuration, is there anything I could do about it? For example, could I insert some hash of the username into the URL so that at least one user would not receive cached pages from another user's session?
Many thanks for any advice.