Trouble with Session Management

Well, you can wrap every link, form action, etc. with the URLSessionFormat() function so that CF will automatically append the CFID and CFToken querystring to anything when it sees that cookies aren't present.

Do you use something like this, with both clientmanagement and sessionmanagement turned on?

thanks for the help. I thought Id tell you more about what I am doing and see if you have comments - we use google to market our company so clicks are costing us big bucks. currently, our sites rely on session management to operate, so I realize that folks having cookies off is really hurting us. All the references I can find tote passing the session.URLToken around the site to make it cookie independent. I havent done this yet, first im trying to get a handle on how many people have cookies off (like you are), and where people are coming from to see if we are having click fraud (which we are very suspicious of).

Is this what you would do (passing the URLToken around)? Any other comments you have would be very much appreciated.

Hey, I've noticed you struggling with this, seeing several past postings. I can't speak to CFID much, only to say that I've never used it in 7 years of CF development. Personally I create my own session.userid value within my application.cfc onSessionStart, either from an existing cookie on the user's system or from scratch (using createuuid() ). This helps me track returning visitors fairly well, though my site statistics show that nearly 20% of my company's users do not have cookies enabled (pure paranoia). It's also good to verify the existence of any variable that you don't create within the calling page (structexists(session,"CFID") ). Don't assume it will be there, that'll just bite you later.