Losing session variables between two pages


This is a weird one. I've recently moved the site to shared hosting on CF11 (I believe), so I don't know if that has anything to do with this. It wasn't happening before.

I'm still using application.cfm (not cfc) and it currently looks like this:

<CFAPPLICATION 
    NAME="catholicity"
    SESSIONMANAGEMENT="Yes"
    SESSIONTIMEOUT=#CreateTimeSpan(0,2,0,0)#
    CLIENTMANAGEMENT="Yes"
    CLIENTSTORAGE="Cookie"
>

Our site catholicity.co.nz allows users to add business listings. The listing process is done in steps, first selecting a category, then entering further details. We store listing data in a session variable named "session.post". After a category is selected, jQuery code passes the selected category to a coldfusion cfc function, which creates session.post and adds the selected category to it (session.post.category). The jQuery then loads a new page for entering further details. I have confirmed that jQuery can read the session scope created in the cfc. It is on this second page that the session scope seems to be getting lost. Session.post does not appear when I dump the session scope at the top of this new page.

The JavaScript redirect code looks like this:

top.location.href="/post/post.cfm?cat=" + cat + "&subcat=" + subcat + "&mode=" + mode;

The cat and subcat values are read directly from the cfc which returns session.post

<cffunction.....>
   ...
   <cfset session.post.category = nCategoryId & "^" & sCategory>
   <cfset session.post.subcategory = arguments.id & "^" & sSubcategory>
   <cfset session.post.prev="subcategory_id">
   <cfset session.post.next="details">
   ...
   <cfreturn session.post>
</cffunction>

The strange part is that if a user is logged in at the time they create a new business listing, this issue does not occur. I'm not sure why because logging in creates a separate session variable named session.user and as far as I know there isn't any connection between session.user and session.post.

The issue is testable at http://www.catholicity.co.nz by clicking on "Add business" at the top. I have dumped out the session and client scopes on the first and second pages, with a JS alert on callback from the initial cfc call.

EDIT

My application.cfm looks like this:

<CFAPPLICATION 
    NAME="catholicity"
    SESSIONMANAGEMENT="Yes"
    SESSIONTIMEOUT=#CreateTimeSpan(0,2,0,0)#
    CLIENTMANAGEMENT="Yes"
    CLIENTSTORAGE="Cookie"
>

<cfif structKeyExists(session,"cfid")>
    <cfcookie name="cfid" value="#session.cfid#" expires="NOW">
    <cfcookie name="cftoken" value="#session.cftoken#" expires="NOW">
</cfif>

<cfif structKeyExists(url, "logout")>
    <cfset session.user.authenticated = 0>
</cfif>

<cfparam name="session.cfid" default="">
<cfparam name="session.cftoken" default="">

<cfparam name="session.mode" default="temp">

<cfparam name="session.user.authenticated" default="0">
<cfparam name="session.user.confirmed" default="0">
<cfparam name="session.user.disabled" default="0">
<cfparam name="session.user.id" default="">
<cfparam name="session.user.email" default="">
<cfparam name="session.user.contact_name" default="">

<cferror type="exception" template="/error.cfm">

<cfscript>
    application.accepted_docs = "application/pdf,application/msword,application/vnd.ms-excel,text/plain,vnd.ms-word.document.12,application/vnd.openxmlformats-officedocument.wordprocessingml.document,application/vnd.openxmlformats-officedocument.spreadsheetml.sheet";
    application.accepted_images = "image/jpg,image/gif,image/jpeg,image/png,image/x-png,image/pjpeg ";
    application.accepted_videos = "video/x-flv,video/mp4,video/x-msvideo,video/x-ms-asf,video/x-ms-wmv,audio/x-ms-wma";
....
</cfscript>

<cflock name="#APPLICATION.applicationName#" 
        type="Exclusive" 
        timeout="20" 
        throwontimeout="Yes"> 

    <cfparam name="APPLICATION.SessionTracker" default=#StructNew()#> 

    <cfscript>
        sUserInfo = StructNew();
        sUserInfo.Address="#CGI.REMOTE_ADDR#";
        sUserInfo.CFID="#session.cfid#";
        sUserInfo.Token="#session.cftoken#";
        sUserInfo.Address="#CGI.REMOTE_ADDR#";
        sUserInfo.Time="#Now()#";
        sUserInfo.Template="#CGI.CF_Template_Path#";
        ID = "#session.cfid##session.cftoken#";
    </cfscript>

   <CFSET dummy = StructInsert(APPLICATION.SessionTracker, ID, sUserInfo, true)> 
</cflock>

I've tried commenting out potentially-dodgy code sections, to no avail.

Best answer

I did a test with your Application.cfm page. As I said in the above comments, your session gets restarted for each and every request. (I mean your CFID & CFToken values are changed for every request).

I went through your code flow. Here you are resetting the CFID and CFToken cookies with the session values.

<cfif structKeyExists(session,"cfid")>
    <cfcookie name="cfid" value="#session.cfid#" expires="NOW">
    <cfcookie name="cftoken" value="#session.cftoken#" expires="NOW">
</cfif>

On every request, the Application.cfm page is executed. At that time, the above condition structKeyExists(session,"cfid") returns true for every request, so every request runs the <cfcookie> code. You have set the cookies to expire "Now", which means they expire immediately, so your session is considered a new one. This is the problem in your application.

As per the docs:

The cookie expires when the user closes the browser, that is, the cookie is "session only".

So please check your above condition. I'm not sure why you are expiring the cookie immediately. Maybe your business logic is like that, but the code logic is not correct.

So change this logic as per your business needs. Please remove that code and restart your application and then you will get only one CFID and CFToken for each and every request until the session expires.

In the image below, I've run the application with the CFCookie value set. It's considered a different CFID & CFToken value for every request. You can see below that the CFID is different, like 2106, 2107, 2108.


If I remove the condition with cookie value, it's considered only one session. The CFID remains 2109 until the session expires.


So please correct your condition and CFCookie functionalities. That's the cause of the problem.
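
The block the answer points at, shown beside a corrected form. This is an added example, not code from the question or the answer: it assumes the immediate expiry was only ever meant to run on logout, that ColdFusion 10 or later is available (for sessionInvalidate()), and that "/" is a suitable redirect target.

```cfml
<cfapplication
    name="catholicity"
    sessionmanagement="Yes"
    sessiontimeout="#CreateTimeSpan(0,2,0,0)#"
    clientmanagement="Yes"
    clientstorage="Cookie">

<!--- Before (from the question): session.cfid always exists once session
      management is on, so this runs on every request and tells the browser
      to drop its session cookies each time.
<cfif structKeyExists(session,"cfid")>
    <cfcookie name="cfid" value="#session.cfid#" expires="NOW">
    <cfcookie name="cftoken" value="#session.cftoken#" expires="NOW">
</cfif>
--->

<!--- After (assumed intent): expire the identifiers only on logout. --->
<cfif structKeyExists(url, "logout")>
    <!--- Discard the server-side session so its CFID/CFTOKEN pair
          cannot be reused after logout. --->
    <cfset sessionInvalidate()>
    <!--- Then tell the browser to delete its copies of the cookies. --->
    <cfcookie name="cfid" value="" expires="NOW">
    <cfcookie name="cftoken" value="" expires="NOW">
    <!--- Redirect without appending CFID/CFTOKEN to the URL;
          "/" is an assumed landing page. --->
    <cflocation url="/" addtoken="No">
</cfif>
```

With the per-request expiry gone, the CFID dumped at the top of each page should stay the same from the category step to the details step, which is the behaviour the answer reports after removing the condition.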