They say that:- Pages are cached based on their key. The key for this cache is the URI followed by the query string. An example is /admin/SomePage.jsp?id=1234&name=Beagle. However I am unsure how will it provide the security. If someone changes the id and hits the page, will it show-up the cached data of some other user? Can't we decide our own keys? Can't we decide when to pick up the cached data and when to fetch new data?