Using this info they presume it really is Risk-free to return a cached Model of the primary HTTP GET. When you split the HTTP specification you chance breaking HTTP client and proxies within the wild. Never get it done :)How does not sticking data while in the URL ensure it is more secure? (Btw, I am a kind of who thinks that a Bogus perception of