sessions not sticking in IE (sometimes) : Cold Fusion

This problem is killing us and I'm surprised there isn't more chatter about it.

We have a site that users session variables and does not use client variable.

The cfapplication tag is as follows:

-----------------
<cfapplication name="ourApp" clientmanagement="no" sessionmanagement="Yes"
applicationtimeout="#CreateTimeSpan(1,0,0,0)#"
sessiontimeout="#CreateTimeSpan(0,0,60,0)#" setclientcookies="No">
-----------------


The next lines are:

-----------------
<cfif IsDefined("Cookie.CFID") AND IsDefined("Cookie.CFTOKEN")>
<cfset cfid_local = Cookie.CFID>
<cfset cftoken_local = Cookie.CFTOKEN>
<cfcookie name="CFID" value="#cfid_local#">
<cfcookie name="CFTOKEN" value="#cftoken_local#">
</cfif>
-----------------

We have also tried removing the setClientCookies="No" and the lines above, and
the same result ...

Some users with IE (multiple versions) running mainly on Vista (although some
users say they are on XP Pro) simply cannot hold sessions SOMETIMES. It is the
craziest thing and we are able to replicate the same intermittant problem by
constantly changing the application name and clearing cookies in IE ...
sometimes, the cookies will not stick. Once we get the problem going, then
cookies will not stick for IE until we change the application name in the
cfapplication to some arbitrary new name, and then magically the cookies begin
to stick again.

There is no conflict of another cfapplication tag, there is no change in the
IE security settings, etc.

Please someone at least let me know we're not insane and that others have
reported this same problem? Any solution/work-around out there other than
begging our users to all switch to Firefox?

bump.

Noone else has heard of this or has a solution? I've seen a handful of thread about this same problem that others are haing, but have yet to see a solution.

We use session variables, no client variables, and don't see this problem at all in IE.

That said, we are using J2EE session variables, and have since we upgraded to CFMX 6 and beyond.

even though you have setclientcookies set to no it appears further down
that you are indeed wanting cookies to manage session.

When session is "sticking" try noting if there are any cookies actually
set by executing code like this from a web page on your server:
<script>
alert(document.cookie);
</script>

When they stop "sticking" try looking at the same page are the cfid and
cftoken cookies gone? If so cookies are indeed being used to
manage your session.

If you don't want cookies to manage your session you will need to pass the
cfid and cftoken variables directly on every link on every page.

Perhaps you may have meant to set clientManagement to no?

Did you find an answer? We see the same thing on CFMX8 and am not sure why? It seems to be only for IE.

What we are doing is we're expiring the CFID and CFTOKEN COOKIES and that results in a blank cfid and cftoken value in the URL... (even though setclientcookies is set to NO and we're not setting these cookies!)

we thought CFID and CFTOKEN don't matter since jsessionid is enabled (CFMX8), but for some reason they seem to play a part in session swaps.

AND sessions get intermittently swapped.

Also, the jsessionid cookie is always being set, even if setclientcookies is set to NO.

Any ideas??????????????