Can you provide the content of your Application.cfc or Application.cfm? For Application.cfc, we mainly need to see the pseudo-constructor code at the top to see your application settings (before any of the OnXXX functions). Also, you've enabled sessions in CF Administrator? And are you using CF sessions or J2EE sessions?
You mean you are not able to see the session cookies - CFID and CFTOKEN . Right???.
Also let me know how are you checking whether these cookies have been set or not.??
It seems like insted of URL : http://mywebsite.com/test.cfm it looks like Business website needed? Create a small business website with 1&1?&CFID=1010?&CFID=234567
After login, you'll forward to a page, use
<cflocation addtoken="no" url="mypage.cfm">
That should remove the identifying url variables.
All cflocation's in your code should contain the attribute : addtoken="no"
Thank you for your numerous answers!
This is the content of the application.cfm: [ColdFusion] Application.cfm - Pastebin.com
Here's a screenshot of the session related settings within CF administrator:
closer explanation: On the old server a CFTOKEN got generated at login and showed in the URL. When I navigated to another page, this token vanished from the URL. A cookie was set to recognise the user (even without the query string, the JSESSIONID).
On the new server, a CFTOKEN also gets generated at login and shows in the URL. When I navigated to another page, the token also vanished from the URL. Because no cookie was set, the user gets redirected to the login page.
I use the Firefox cookie manager to monitor the cookies.
You give Coldfusion a dilemma. You ask it to use sessions, for which it requires CFID and CFToken cookies. However, by setting setClientCookies to "no" (in Application.cfm), you are asking it not to automatically set cookies on the client.
This scenario will only be consistent if you 'manually' set CFID and CFToken. Otherwise, you should change setClientCookies to "yes".
BKBK nailed the issue. Turn on setClientCookies.