If a customer uses ANY browser with cookies disabled,
sessions will not
work, unless you have taken steps to allow sessions to work
without cookies.
By default, in order of CF to know what user belongs to what
session
data it relies on two Cookies; CFID and CFToken. Without
these cookies,
CF assumes a user is a new user and will always initiate a
new session
state for them.
You can choose to pass the necessary CFID and CFToken values
through the
URL rather then through cookies, but this required effort and
coding an
your part to make sure the the required names and values are
passed
through every single link and connection in your application.
This can
also lead to session sharing if links with these values are
bookmarked,
emailed or otherwise published.
Bottom line -- session state requires cookie or URL tokens to
work.