<b>This week in caching: full-page cache landmines</b>

<b>This week in caching: full-page cache landmines</b>
FPC is the biggest speed win and the biggest footgun. Field notes:
— <i>Caching the logged-in state by accident</i> — the classic where user A sees user B's cart because the cache key ignored the session.
— <i>CSRF tokens in cached HTML</i> — why your forms 419/403 after enabling FPC, and the ESI/AJAX fix.
— <i>Flash messages and one-time content</i> — how cached HTML strands 'order confirmed' banners on the wrong page.
— <i>The cache that never warms</i> — bot-only cache fills leaving real users on cold misses.
Credits to the Magento and Drupal performance communities, who've stepped on all of these.
Bookmark: the session-leak writeup — the bug that becomes a security incident.