CFID and CFTOKEN changes from page to page

Report · Sep 21, 2010

We have a closed network running CF 8.0.0.176276 version. My issue is with session variables cfid and cftoken. As I am navigating around the site the cfid and cftoken and always changing which sucks for tracking actually logged in website admins. We have the same exact code on another network but it is running CF 8.0.1.195765 and it works great. If I pass say cfid and cftoken in the url everything works.

I have opened server monitor and viewed the number of active session to IP addresses and we have only about 7 users but those 7 users together created close to 700 active sessions. Any help is great, I've Googled this issue and tried workarounds but if no one experienced this issue I guess I can patch it to match our other server.

I have made a simple version of this issue with a single cfapplication tag with all the required fields in a application.cfm and a single index.cfm file with one link to itself and a cfdump of session structure all in a new folder. When I click the link the cfdump of session shows a new cfid and cftoken value each and every single time... Thanks.

Report · Oct 12, 2010

Yeah, according to the CF 9 LiveDocs (http://bit.ly/cKprqn):

"If you use J2EE session management, the Session scope does not include the Session.CFID or Session.CFToken variables, but does include the Session.URLToken and Session.SessionID variables. In this case, the Session.SessionID is the J2EE session ID and Session.URLTokenjsessionid= followed by the J2EE session ID."

It also states that CFIDE and CFTOKEN are use in "ColdFusion session management only" (and not J2EE session management)

This may not be your problem, but I thought I'd throw it out there to help troubleshoot.