1.What is Caching?

Caching is a hardware or software component that stores data so future requests for that data can be served faster; the data stored in a cache might be the result of an earlier computation, or the duplicate of data stored elsewhere.

2.How does Caching affect Employee Self Service

ESS displays sensitive data, such as Payslips, IRP5’s, personal data etc. If this data is cached, employees will be able to see the last cached data, meaning, someone else’s data.

Example, if Employee A logs in to ESS to view his/her payslip, and employee B logs in straight after Employee A, to view his/her payslip, the server sees that caching is turned on, and instead of going to the database to fetch Employee B’s payslip, it has Employee A’s payslip stored in cache, and displays Employee A’s payslip, for Employee B. The same will apply for personal data, IRP5’s etc.

3.Impact at Client’s

Caching can have a very negative impact on business, especially for sites such as employee self service. The employee self service is secured as much as possible from the development end, with unique usernames and passwords, timeouts, fail count of passwords etc. but if caching is turned on, this could all go to waste, as employees would be able to see each others data.

It is imperative, that before any caching changes are done within an environment, it should be cleared with the ESS server Administrator.

Once changes are made to caching, a group of Users should first test the ESS, and make sure that caching is disabled for ESS, at least. Once confirmation is provided that ESS is not affected by the caching changes, the ESS can be made available to all employees again

4.Turning off Caching in Microsoft TMG (Threat Management Gateway)

4.1. In the Forefront TMG Management console tree, click the Web Access Policy tab



4.2.On the Tasks tab, under Related Topics, click Configure Web Caching.
4.3.In the Cache Settings dialog box, click the Cache Rules tab, and then click New.
4.4. On the Welcome page of the New Cache Rule Wizard, click Next.
4.5. On the Cache Rule Destination page, click Add.
4.6. Specify the name of the internal server URLs that should not be cached. For example, http://192.1.1.1:8080\WebModule\
4.7. On the Content Retrieval page, select Only if a valid version exists in the cache. If no valid version exists, route the request to the server. Then click Next.
4.8.On the Cache Content page, select Never, no content will ever be cached. Then click Next.
4.9. Click Finish to complete the wizard.