diff -upr sites/all/modules/boost_orig/boost.module sites/all/modules/boost/boost.module
--- sites/all/modules/boost_orig/boost.module	2008-10-25 21:30:34.000000000 +0400
+++ sites/all/modules/boost/boost.module	2009-01-21 16:11:02.000000000 +0300
@@ -69,16 +69,27 @@ function boost_init() {
     if (!empty($user->uid)) {
       boost_set_cookie($user);
     }
-    // We only serve cached pages for GET requests by anonymous visitors:
-    else if ($_SERVER['REQUEST_METHOD'] == 'GET') {
-      // Make sure no query string (in addition to ?q=) was set, and that
-      // the page is cacheable according to our current configuration:
-      if (count($_GET) == 1 && boost_is_cacheable($_GET['q'])) {
+    // We only serve cached pages for GET requests by anonymous visitors.
+    // Also pages with 'nocache' parameter in request will never be cached
+    else if ($_SERVER['REQUEST_METHOD'] == 'GET' && !isset($_GET['nocache'])) {
+      // Make the proper filename for our query
+      $fname = '';
+      foreach ($_GET as $key => $val) {
+        if ($key != 'q') {
+          $fname .= (empty($fname) ? '' : '&') . $key . '=' . $val;
+        }
+      }
+      $fname = (empty($fname) ? '' : '_' . $fname);
+
+      // Make sure the page is cacheable according to our current configuration:
+      if (boost_is_cacheable($_GET['q'])) {
         // In the event of errors such as drupal_not_found(), GET['q'] is
         // changed before _boost_ob_handler() is called. Apache is going to
         // look in the cache for the original path, however, so we need to
         // preserve it.
         $GLOBALS['_boost_path'] = $_GET['q'];
+        $GLOBALS['_boost_query'] = $fname;
+
         ob_start('_boost_ob_handler');
       }
     }
@@ -106,22 +117,15 @@ function boost_exit($destination = NULL)
     // session messages have actually been set during this page request:
     global $user;
     if (empty($user->uid) && ($messages = drupal_set_message())) {
-
-      // Check that the page we're redirecting to really necessitates
-      // special handling, i.e. it doesn't have a query string:
-      extract(parse_url($destination));
-      $path = ($path == base_path() ? '' : substr($path, strlen(base_path())));
-      if (empty($query)) {
-        // FIXME: call any remaining exit hooks since we're about to terminate?
-
-        // If no query string was previously set, add one just to ensure we
-        // don't serve a static copy of the page we're redirecting to, which
-        // would prevent the session messages from showing up:
-        $destination = url($path, 't=' . time(), $fragment, TRUE);
-
-        // Do what drupal_goto() would do if we were to return to it:
-        exit(header('Location: ' . $destination));
-      }
+      // FIXME: call any remaining exit hooks since we're about to terminate?
+      
+      $query_parts = parse_url($destination);
+      $query_parts['path'] = ($query_parts['path'] == base_path() ? '' : substr($query_parts['path'], strlen(base_path())));
+      // Add a nocache parameter to query. Such pages will never be cached
+      $query_parts['query'] .= (empty($query_parts['query']) ? '' : '&') . 'nocache=1';
+      $destination = url($query_parts['path'], $query_parts);
+      // Do what drupal_goto() would do if we were to return to it:
+      exit(header('Location: ' . $destination));
     }
   }
 }
@@ -540,6 +544,9 @@ function boost_file_path($path) {
   if (empty($path) || $path == drupal_get_normal_path(variable_get('site_frontpage', 'node'))) {
     $path = 'index'; // special handling for Drupal's front page
   }
+  if ($GLOBALS['_boost_query']) {
+    $path .= $GLOBALS['_boost_query'];
+  }
 
   // Under no circumstances should the incoming path contain '..' or null
   // bytes; we also limit the maximum directory nesting depth of the path
@@ -549,7 +556,7 @@ function boost_file_path($path) {
   }
 
   // Convert any other undesirable characters in the path to underscores:
-  $path = preg_replace('@[^/a-z0-9_-]@i', '_', $path);
+  $path = preg_replace('@[^/a-z0-9_\-&=,\.]@i', '_', $path);
 
   return implode('/', array(BOOST_FILE_PATH, $path . BOOST_FILE_EXTENSION));
 }
diff -upr sites/all/modules/boost_orig/htaccess/boosted1.txt sites/all/modules/boost/htaccess/boosted1.txt
--- sites/all/modules/boost_orig/htaccess/boosted1.txt	2008-10-25 20:29:26.000000000 +0400
+++ sites/all/modules/boost/htaccess/boosted1.txt	2009-01-20 23:38:58.000000000 +0300
@@ -131,6 +131,15 @@ DirectoryIndex index.php
   RewriteCond %{HTTP_COOKIE} !DRUPAL_UID
   RewriteCond %{DOCUMENT_ROOT}/cache/%{SERVER_NAME}%{REQUEST_URI}.html -f
   RewriteRule ^(.*)$ cache/%{SERVER_NAME}/$1.html [L]
+  
+  RewriteCond %{REQUEST_METHOD} ^GET$
+  RewriteCond %{REQUEST_URI} !^/cache
+  RewriteCond %{REQUEST_URI} !^/user/login
+  RewriteCond %{REQUEST_URI} !^/admin
+  RewriteCond %{QUERY_STRING} !^$
+  RewriteCond %{HTTP_COOKIE} !DRUPAL_UID
+  RewriteCond %{DOCUMENT_ROOT}/cache/%{SERVER_NAME}%{REQUEST_URI}_%{QUERY_STRING}.html -f
+  RewriteRule ^(.*)$ cache/%{SERVER_NAME}/$1_%{QUERY_STRING}.html [L]  
   # BOOST END
 
   # Rewrite URLs of the form 'x' to the form 'index.php?q=x'.