Problem/Motivation
I've been tracking down a bug that happen on a custom page that set some session variables but ended up being cached.
The result was that later users then mananged to get to that page (it's part of a multi-step process) without the session being initialized, leading to errors on the next page.
Pretty sure this is the same in 7.x.
Proposed resolution
Do not treat a page with session data as cacheable?