URL.CFID confusing sessions

[cf_code_warrior]

Where do I start? When going to any of our web sites, the home page comes up
and i the URL I have a CFID and CFTOKEN URL vars. On this same home page I
have a sign in box. People sign in, get verified and appear to be signed in.
They then go to pages that are restricted and find they're not. They've signed
in under one session id, the one that was in the URL originally?, and now have
a different session. Everything works fine, provided I click on the home page
again when I lose the URL.CFID parm. So I thought of a workaround. In the
home.cfm code, I put a conditional, if isdefined('url.cfid'), redirect to the
same page but with addtoken='no'. Problem is, even if CFID is NOT visible on
the command line, it is still THERE technically. Anyone have a better way of
managing sessions? Oh, using CF6.1MX but also MX7 if necessary. Robert

[CF_N_Montreal]

Hello,

I also use session variables. And everytime I use them, I added a CFLOCK tag
to prevent race conditions.

<cflock scope="session" type="exclusive" timeout="10">
<cfset session.LoggedIn = "True">
<cfset session.UserID = #Trim(User_ID)#>
</cflock>

I don't know if this is gonna help you....

I could be wrong but as far as I know
CFID and CFTOKEN is created as soon as you access the webpage.
Note: Only if you put the session management = yes in the cfapplication tag or
if you enable the session variables in CF Administrator.

[cf_code_warrior]

I ALWAYS used to use locks too. Recently at a CFMX6.1 3 day workshop I
attended, I was told that beginning MX, there was no longer a need. So I've
recently NOT been. I also automatically have sessionamnagement to yes always.
Thanks.