cflocation and cfcookie seems to work ...?

Hi there

I am a little bit confused.

From my old CF days I am deeply affected that setting a cookie within a page that makes a cflocation should not work.

However, in my case it works - and I do not understand why (but I love it 🙂

What am I doing?

I want to bring a little bit more security into my application by renewing an additional security token with each request.

In onRequestStart I always do a

<cfset #SESSION.mySecurity.myToken# = #CreateUUID()# >

and then

<cfcookie name="CF_myToken" value="#SESSION.mySecurity.myToken#" expires="#enoughTime#" >

In my first template 'index.cfm' I click a link that calls 'goto.cfm' which makes a cflocation to 'page2.cfm'.

In onRequestStart I also do a

<cflog file="#This.Name#" type="Information" text="Entering Request for '#CGI.SCRIPT_NAME#' | mT='#SESSION.mySecurity.myToken#' | mC='#COOKIE.CF_myToken#' ... " >

-----------------------

From my old-fashioned knowledge I would now expect, that in the LogFileEntry for page2  #SESSION.mySecurity.myToken# should differ from #COOKIE.CF_myToken#

because #SESSION.mySecurity.myToken# should be set,

and because #COOKIE.CF_myToken# should not be set due to the cflocation.

But that's not the case, both have been changed by calling 'goto.cfm'.

What am I missing?

-Didi