This content has been marked as final. Show 1 reply
It sounds to me like you are losing the session which causes another session to immediately start when you hit the next page with a brand new cfid and cftoken. You can verify this by outputting the cfid and cftoken on both the login page and the next page - if they are not the same then this is the case. And yes, you can get around this by passing the id and token although it's not the best solution - it would be much better to find out why you're losing the session in the first place. If you do decide to pass the id and token, keep in mind you will need to pass them on every page of the site (which is ok for a small site, but a huge pain on something a bit larger, as well as a possible security concern).
I encountered this exact situation for a couple of our apps that actually need to run inside a frameset of another large portal app that we don't host and have no control over. No matter what we tried, the session was always being lost when running in the portal frameset. We ended up passing the id and token from page to page as we found no other solution. Fortunately these were very small sites with only a few pages.
You have the choice to either pass the id and token in hidden fields in forms or in the url querystring. Hidden fields would be a little better allowing post submissions rather than get imho. In addition, the <cflocation...> tag offers the AddToken="Yes/No" attribute which if set to "Yes" will pass the token in the url.
Actually, we had a similar but totally unrelated issue on one of our very old servers a few years ago. That problem stemmed from the fact that the server had an illiegal host name (the name had an underscore character [.e. my_host.mydomain.com] which is technically illegal for a host name). Unfortunately, since it isn't that easy to change the host name once the server has been set up the it folks instead chose to create multiple dns entries with aliases (don't ask me exactly how 'cause I don't quite know) to get around this - all I know is that it was really a mess for a while. I remember having lots of issues with losing sessions on taht server. Fortunately it is now ancient history (thankfully).