Hmm.. I don't think this is correct. My site doesn't pass tokens in order to keep session variables or cookies.
When a user first lands on my http site, I set sessions/cookies and pass them to our cart which is https and both of them are transferred just fine and I don't pass any type cf tokens. I don't know if it makes a difference but I use 128 bit High-grade Encryption. Now... yoursite.com vs www.yoursite.com is a different issue. That is seen by most browsers as being different sites and doesn't allow you to pass cookies to between the two sites. Paul Alkema http://www.alkemadesigns.com/ -----Original Message----- From: Jason Fisher [mailto:ja...@wanax.com] Sent: Wednesday, March 31, 2010 10:49 PM To: cf-talk Subject: Re: What happens to session variables after redirecting to https? No, from a cookie perspective, http://mysite.com and https://mysite.com are 2 different domains, so you need to send the session tokens across the gap. Any of a number of approaches can work, but here's the quick and dirty: <cflocation url="https://#mySecureURL#" addtoken="yes" /> Or, if you are using some other redirection, you can append the following to the URL: &cfid=#cookie.cfid#&cftoken=#cookie.cftoken# (Note that the nomenclature is different if you're using Java session IDs.) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:332517 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm