I have a Rails 3 website for which the main page is static content plus a login form. I want to use HTTP caching on this page (there was Varnish on Heroku), but then the authentication token in the login form is cached, which triggers forgery protection and denies entry for everyone except the first session.
I believe that my best way of doing this is to disable forgery protection for this action, but first I want to understand the risks involved.
So ... what are the risks of disabling forgery protection in this scenario?
Alternatively, is there a better way to solve this problem?
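The failure described in the question, reproduced as an added example that is not part of the original post: a shared cache stores the login page rendered for the first session, so every later session submits a token that does not match its own. `Session`, `SharedCache` and `simulate` are hypothetical names, and the per-session token comparison is a simplified model of Rails 3 forgery protection, not the framework's code.

```ruby
require "securerandom"

# Simplified model (assumption) of Rails 3 forgery protection: one random
# token per session, embedded in the form and compared on POST.
class Session
  def csrf_token
    @csrf_token ||= SecureRandom.base64(32)
  end
end

# Hypothetical stand-in for a shared HTTP cache such as Varnish, keyed by path only.
class SharedCache
  def initialize
    @pages = {}
  end

  def fetch(path)
    @pages[path] ||= yield
  end
end

def render_login_page(session)
  %(<form action="/login" method="post"><input type="hidden" name="authenticity_token" value="#{session.csrf_token}"></form>)
end

def token_in(html)
  html[/name="authenticity_token" value="([^"]+)"/, 1]
end

# Compares the submitted token with the session's own token in constant time.
def verified_request?(session, submitted)
  expected = session.csrf_token
  return false if submitted.nil? || submitted.bytesize != expected.bytesize
  diff = 0
  expected.bytes.zip(submitted.bytes) { |a, b| diff |= a ^ b }
  diff.zero?
end

# Each visitor gets a fresh session, loads "/", then posts the form's token back.
def simulate(visitors, cached: true)
  cache = SharedCache.new
  Array.new(visitors) do
    session = Session.new
    html = cached ? cache.fetch("/") { render_login_page(session) } : render_login_page(session)
    verified_request?(session, token_in(html))
  end
end

p simulate(3)                # cached page: only the first session verifies
p simulate(3, cached: false) # page rendered per session: all verify
```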