I work for a company that has an coldfusion intranet site and would like to
pass variables to our internet site located externally on a separate server.
What I'd like to do is pass encrypted username and password variables via the
URL, then decrypt them and use them to log a user into a portion of our
internet site.

here is the code for the intranet page with the links to our external internet
site:
<tr>
<td width="3%" valign="baseline"><a
href="javascript:showRow('#admin_id#', '#admin_id#Pics')"> <img
src="../../images/btn_details_hide.gif" alt="Click to view record details"
width="13" height="13" border="0" id="#admin_id#Pics"> </a></td>
<td width="89%" valign="top">
<cfif Left(getadmins.admin_path, 7) EQ "http://">
<cfset VARIABLES.EncryptionKey = "a5fg3hj78j06">
<cfset VARIABLES.username = URLEncodedFormat(Encrypt(SESSION.username,
VARIABLES.EncryptionKey))>
<cfset VARIABLES.password = URLEncodedFormat(Encrypt(SESSION.password,
VARIABLES.EncryptionKey))>
<a href="#admin_path#?u=#VARIABLES.username#&p=#VARIA BLES.password#"
target="#target#">#admin_name#</a>
<cfelse>
<a href="../../#admin_path#"
target="#target#">#admin_name#</a>
</cfif>
<span id="#admin_id#" style="display:none">
<table width="100%" border="0" cellpadding="0"
cellspacing="0">
<cfif getadmins.admin_description NEQ "">
<tr valign="top">
<td>#admin_description#</td>
</tr>
</cfif>
</table>
</span> </td>
</tr>

here is the code for my login page:
<cfif (IsDefined("URL.u") AND URL.u NEQ "") AND (IsDefined("URL.p") AND URL.p
NEQ "")>
<cfset VARIABLES.EncryptionKey = "a5fg3hj78j06">
<cfset VARIABLES.encrypted_username = URLDecode(URL.u)>
<cfset FORM.username = Decrypt(VARIABLES.encrypted_username,
VARIABLES.EncryptionKey) & "@erinc.com">
<cfset VARIABLES.encrypted_password = URLDecode(URL.p)>
<cfset FORM.password = Decrypt(VARIABLES.encrypted_password,
VARIABLES.EncryptionKey)>
</cfif>

<cfif IsDefined("FORM.username") AND IsDefined("FORM.password")>
<cfset MM_redirectLoginSuccess="password_status_list.cfm" >
<cfset MM_redirectLoginFailed="password_admin_login.cfm?E rror=1">
<cfquery name="MM_rsUser" datasource="erinc_resource_center_login">
SELECT UserName,Password FROM Admin WHERE UserName='#FORM.Username#' AND
Password='#FORM.Password#'
</cfquery>
<cfif MM_rsUser.RecordCount NEQ 0>
<cftry>
<cflock scope="Session" timeout="30" type="Exclusive">
<cfset Session.username=FORM.username>
<cfset Session.UserAuthorization="">
</cflock>
<cfif IsDefined("URL.accessdenied") AND false>
<cfset MM_redirectLoginSuccess=URL.accessdenied>
</cfif>
<cflocation url="#MM_redirectLoginSuccess#" addtoken="no">
<cfcatch type="Lock">
<!--- code for handling timeout of cflock --->
</cfcatch>
</cftry>
</cfif>
<cflocation url="#MM_redirectLoginFailed#" addtoken="no">
<cfelse>
<cfset MM_LoginAction=CGI.SCRIPT_NAME>
<cfif CGI.QUERY_STRING NEQ "">
<cfset MM_LoginAction=MM_LoginAction & "?" & XMLFormat(CGI.QUERY_STRING)>
</cfif>
</cfif>

finally, here is my code for the pager that user is supposed to end up:
<!---Restricts the access to this page to valid Administrators--->
<cflock scope="Session" type="ReadOnly" timeout="30" throwontimeout="no">
<cfset
MM_Username=Iif(IsDefined("SESSION.username"),"SES SION.username",DE(""))>
<cfset
MM_UserAuthorization=Iif(IsDefined("Session.userAu thorization"),"Session.userAut
horization",DE(""))>
</cflock>
<cfif MM_Username EQ "">
<cfset MM_referer=CGI.SCRIPT_NAME>
<cfif CGI.QUERY_STRING NEQ "">
<cfset MM_referer=MM_referer & "?" & CGI.QUERY_STRING>
</cfif>
<cfset MM_failureURL="password_admin_login.cfm?accessdeni ed=" &
URLEncodedFormat(MM_referer)>
<cflocation url="#MM_failureURL#" addtoken="no">
</cfif>


What happens is that my pages encrypt and decrypt my variables correctly then
successfully set the session variables on my login page; however, when the
server redirects the user to the its final destination page, the page does not
recognize my session variables forcing the user back to the login page. Can
anyone tell me what I am doing wrong.