It sounds to me like you are losing the session which causes
another session to immediately start when you hit the next page
with a brand new cfid and cftoken. You can verify this by
outputting the cfid and cftoken on both the login page and the next
page - if they are not the same then this is the case. And yes, you
can get around this by passing the id and token although it's not
the best solution - it would be much better to find out why you're
losing the session in the first place. If you do decide to pass the
id and token, keep in mind you will need to pass them on every page
of the site (which is ok for a small site, but a huge pain on
something a bit larger, as well as a possible security concern).
I encountered this exact situation for a couple of our apps
that actually need to run inside a frameset of another large portal
app that we don't host and have no control over. No matter what we
tried, the session was always being lost when running in the portal
frameset. We ended up passing the id and token from page to page as
we found no other solution. Fortunately these were very small sites
with only a few pages.
You have the choice to either pass the id and token in hidden
fields in forms or in the url querystring. Hidden fields would be a
little better allowing post submissions rather than get imho. In
addition, the <cflocation...> tag offers the
AddToken="Yes/No" attribute which if set to "Yes" will pass the
token in the url.
Actually, we had a similar but totally unrelated issue on one
of our very old servers a few years ago. That problem stemmed from
the fact that the server had an illiegal host name (the name had an
underscore character [.e. my_host.mydomain.com] which is
technically illegal for a host name). Unfortunately, since it isn't
that easy to change the host name once the server has been set up
the it folks instead chose to create multiple dns entries with
aliases (don't ask me exactly how 'cause I don't quite know) to get
around this - all I know is that it was really a mess for a while.
I remember having lots of issues with losing sessions on taht
server. Fortunately it is now ancient history (thankfully).