Participant
March 9, 2010
Question

Session variables overwritten in MX 7


Is there a way for session variables to be overwritten or accidentally hijacked by another client machine's session?

I have an application that, after login, sets the user's profile to a structure and saves that to a session variable named "user". It worked fine for years. Then about a week ago their entire session started to randomly be overwritten or swapped with another user's session. It seems to be random, and certain users are getting overwritten frequently while others (like the development team) are not seeing the problem at all. All the clients are on Windows XP machines using IE 7. The server is a Win 2000 server with CF MX7. We are using cflock around all the session variables, but it does not seem to help.


    Known Participant
    March 10, 2010

    Make sure you don't have another variable User that you are using somewhere, which then overwrites the session variable. The other thing to try is to figure out where the session leak is happening and manually program it in each time the user goes from page to page in the leaky area, just passing it in the URL, for example:

    <form name="Test" action="NextPage.cfm?<CFOUTPUT>SessID=#Session.SessID#</CFOUTPUT>" method="Post">

    I run software for multiple counties on the same server, so I have what I call Session and Application variables all over the place to keep track of the users and the county where they work (Session variables relate to people and Application variables relate to the geographic location and department - just my internal terminology). I had the same problem in CF7, so I decided to hand-code passing each Session or Application variable from one page to the next - kind of tiresome, but it gives me total control and great granularity, and, provided I avoid any other variable with the same name as any of the session variables, I have not had a single problem since.

    ilssac
    Inspiring
    March 9, 2010

    The session ID is dependent on two values, CFID and CFTOKEN, or on a single value, JSESSIONID, if so configured in the Administrator.

    These values are usually passed back and forth between the server and the client as cookies. But the alternative exists to pass them as URL query-string keys and values as well.

    If anything causes these values to be shared between multiple systems, then the ColdFusion server is going to treat all those systems as belonging to the same session. This can happen for a variety of reasons, such as badly behaving proxy servers that cause cookies to be shared, or bookmarked, shared, or search-engine-cached links that have the URL form in them.
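One way to confirm the sharing described above from the server side is to scan the web server's access log for CFID/CFTOKEN (or JSESSIONID) values, whether in the Cookie header or in the query string, and report any identifier presented by more than one client address. The script below is an added example, not code from the thread; it assumes a constructed log format of client IP, quoted request line and quoted Cookie header, so the regex would need adjusting for a real IIS or Apache log.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (not from the thread), one request each:
# client_ip "request line" "Cookie header, or - when the client sent none"
SAMPLE_LOG = """\
10.0.0.5 "GET /app/home.cfm HTTP/1.1" "CFID=1234; CFTOKEN=98765432"
10.0.0.5 "GET /app/profile.cfm HTTP/1.1" "CFID=1234; CFTOKEN=98765432"
10.0.0.9 "GET /app/report.cfm?CFID=1234&CFTOKEN=98765432 HTTP/1.1" "-"
10.0.0.7 "GET /app/home.cfm HTTP/1.1" "CFID=1235; CFTOKEN=11111111"
10.0.0.8 "GET /app/home.cfm HTTP/1.1" "JSESSIONID=ABC123"
"""

LINE_RE = re.compile(r'^(\S+) "\S+ (\S+) [^"]*" "([^"]*)"$')


def session_key(line):
    """Return (client_ip, key, source) or None; key mirrors how ColdFusion
    identifies a session: CFID+CFTOKEN, or JSESSIONID when J2EE sessions
    are enabled. source says whether it came from the cookie or the URL."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, path, cookie_hdr = m.groups()
    cookies = {}
    for part in cookie_hdr.split(";"):
        if "=" in part:
            k, v = part.strip().split("=", 1)
            cookies[k.upper()] = v
    query = {k.upper(): v[0] for k, v in parse_qs(urlsplit(path).query).items()}
    # Check the cookie first, then the URL (the order is this script's choice).
    for source, vals in (("cookie", cookies), ("url", query)):
        if "JSESSIONID" in vals:
            return ip, "JSESSIONID=" + vals["JSESSIONID"], source
        if "CFID" in vals and "CFTOKEN" in vals:
            return ip, f"CFID={vals['CFID']}:CFTOKEN={vals['CFTOKEN']}", source
    return None


def shared_sessions(log_text):
    """Map each session key to the client IPs that presented it, keeping only
    keys seen from more than one client (the sessions the server is merging)."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parsed = session_key(line)
        if parsed:
            ip, key, _source = parsed
            seen[key].add(ip)
    return {key: ips for key, ips in seen.items() if len(ips) > 1}
```

Running `shared_sessions(SAMPLE_LOG)` on the constructed log reports the CFID 1234 session as presented by two different addresses, one of them via the query string, which is the bookmarked-or-shared-link case ilssac describes.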