Rachel over at cre8d-design points out that she and a fair few others are having a few issues with Slingshot caching pages they shouldn’t be.

This afternoon I tried logging into Gmail as I usually do to check my email and discovered that I was logged into someone else’s account! I got a real shock and tried a few more times, the same thing happened again.

I then tried using a different browser (IE7 instead of Firefox 2) and this time when I logged in I saw a different person’s Gmail account!

Slingshot caching private pages – cre8d-design blog

I see several issues to this problem.

  1. Slingshot has to cache web sites visited by its users. The cost of bandwidth in NZ is so extreme that to not do so would be too expensive.
  2. Caching non-HTTPS pages is standard practice.
  3. Having said that, it appears Slingshot is not paying attention to the headers of pages that request “no-cache” to avoid this problem. Especially common on Web 2.0 pages, or email hosting sites.

Short term, Slingshot needs to kill their caching rules so all they’re caching for now is images. The content of a page is marginal, so killing that will be a huge step forward for them. Most people wouldn’t notice the difference in speed either, and I doubt Slingshot would incur any significant cost in doing so.

Once thats done, then they need to sort out their proxies so they do work as expected. I can’t give suggestions on how to do this as I don’t know what their infrastructure is. Either way, they definitely need to ensure they’re not caching anything else (like cookies for example.)

This is just one of the reasons why, if a site offers it, I will always use the HTTPS version of a site. You avoid little problems like this. :-)