DoS attacks, $_SESSION and caching

I run a blog at work that includes affiliate sales links. Every so often, in the middle of the night, there will be a flurry of DoS-like activity to the blog to point that our site goes down for a minute or two.

We do not do any caching on the blog. We use $_SESSION[‘id’] to keep user information and pass each user a unique ID. WP-super cache caches the information from $_SESSION[‘id’] affiliate links & multiple users would get the same ID, (IE http://www.chorizon.com?id=the_same_id_for_everyone_until_the_cache_resets) our partners thought we were pulling some kind of scam.

So what should my next step be? Should I figure out a way to $_SESSION.PHP and everything in the sidebar from being cached? What other methods besides caching can I use to speed up performance?