So, I have J2EE memory variables disabled (so, to my knowledge, CF will issue CFID and CFTOKEN)
I checked my browser (Chrome 30) and I have not disabled cookies in any shape or manner). I was dumping the SESSION scope to the screen, and taking note of the CFID, and it kept changing each time I reloaded the page, which made me think that for some reason a cookie was not being set on my browser, or my browser was not sending the cookie in the REQUEST subsequently.
Are there other things I need to check on to make sure I'm setup properly? My APPLICATION variables for SESSIONS are:
THIS.sessionManagement = true
THIS.sessionTimeout = createTimeSpan( 0,0,30,0 )
In my onRequestStart, I am running a:
<cfset onApplicationStart() />
Which as I understand it means it will run the code IN the oAS() method, but will not start a new application. None of my code in those BIFs does anything with the SESSION scope.
Are you setting THIS.setClientCookies = true? If this does not correct the issues load up a client side diagnostic tool and start capturning the page requests and responses and look carefully at the cookies. I use either IE and the F12 developer tool or the Firefox plug-in Firebug.
That's exactly it, Steve.
I was re-reading over my CFWACK Vol 1 section on cookies and I got to the same part which stated that, even though I was fooled by its use of "CLIENT" (associating that with CLIENT scope, rather than the client browser), my application had that set to FALSE originally (again, cause I assumed it meant setting CFID/CFTOKEN for CLIENT scope, which I have disabled).
Once I set it back to TRUE, my reloading of the page that is dumping the SESSION scope now shows the same CFID/CFTOKEN and I can inspect the cookies on my machine for that domain and see them just fine.