[ten7]

Why not just slap Varnish in front of that and be done?

[stevekemp]

That would be the end goal - but since all users get cookies there's not obvious "I'm anonymous" vs "I'm a signed-in-user" differentiator I can use to control whether to cache or serve live.

It'll happen, shortly, but the fastest solution was to re-deploy on a scaling platform.

[X-Istence]

When a user is logged in, use a Vary: Cookie header, when a user is not logged in, leave that off. Set the expiration time as appropriate.

[latchkey]

Which brings the next question... why not use Github for authentication?