Can server-side caching misconfiguration lead to stolen logins?

If a webapp sends Cache-Control: private it shouldn’t be cached for example with nginx proxy_cache. What could happen if it was cached anyhow? Could another visitor see the personalized login of another user? Might another visitor then being logged in as another user?

Go to Source
Author: adrelanos