Posts

Showing posts from December, 2014

Session Variable Loss and Session Fixation in ColdFusion

ColdFusion Variable is undefined in Session

For the proper explanation of Session Fixation and how a session is undefined, see http://www.petefreitag.com/item/815.cfm

Watch out for the version of ColdFusion you are running and the hotfixes applied, as there are differences: http://www.bennadel.com/blog/2050-changes-in-cflocation-onrequestend-behavior-in-coldfusion-9-s-application-cfc.htm

Session Fixation Bug (it's back to the old sessions lost after cflocation, which was either introduced as a bug or fixed in CFMX6)

"A JVM property was added in case you want to completely switch off the fix for the Session Fixation issue (Bug 86378) which prior to this security release changed Session behavior in some environments. Add the following JVM property -Dcoldfusion.session.protectfixation=false in the JVM Arguments for the ColdFusion Server." http://helpx.adobe.com/coldfusion/kb/security-hotfix-coldfusion-8-8.html

Programmatically, this can be fixed using the below: <cf