ColdFusion SESSION variables use two cookies (CFID and CFTOKEN) to identity the client browser – all SESSION variables are stored on the server, but the two cookies are needed to know which set of variables belongs to whom. But what if you can’t (or won’t) use cookies? You can still use SESSION variables, but the responsibility of ensuring that the CFID and CFTOKEN values are always available to ColdFusion is then yours – you’ll need to embed them both into every URL in every page. To make this process a bit easier you can use the variable SESSION.URLToken (which contains both CFID and CFTOKEN), just embed that value in the URL (use # signs if needed) and you’ll still be able to use SESSION variables even without cookies. (Applies to: ColdFusion 3 (or later))

Leave a Reply