Mark, Thanks for your patience. I really want to figure this out.
OK, I can see that requests contain different host names (e.g. myhost.net, www.myhost.com, etc). The problem is that when I do a redirect via cflocation, a different host name than what they started with will get stored as the session token, and thus the session confusion. For example, on the home page a session token is set, then in my application.cfm they are redirected to the login page if they request a secure page, using something like this: <cflocation URL="../login.cfm?requestedpage=#urlEncodedFormat(CGI.script_name)#&requestedquerystring=#urlEncodedFormat(CGI.query_string)#"> The resulting URL is set to contain a domain name that might well differ from the original request. How do others deal with this problem of multiple domain names creating different session tokens? nick > Configure your web server to log the host name of each request and > check it out... if you see it changing then you can use the referrer > (which you should also log) and find the link that is changing the > host name. > > As for the domain value for cookies, it comes from the current host > name. > > Mark ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Special thanks to the CF Community Suite Gold Sponsor - CFHosting.net http://www.cfhosting.net Message: http://www.houseoffusion.com/lists.cfm/link=i:4:184693 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54