I have a login function that authorizes against a remote database over xml webservice. Upon successful login, I set a bunch of session variables for the logged-in user that follow them around the site (members only content, etc). This all works fine.

We are setting up a store and would like to have access to the session variables, for member pricing, pre-filling forms and so on. For now, the link to the store is available only after a member logs in. I am including the url token in the link, like so:

https://mysite.com/store/index.cfm?<cfoutput>#session.urltoken#</cfoutput>

CFdumping the session on the store page shows the same cfid, cftoken and jsessionid as from the login page, so I think the session is being correctly maintained — but none of my session variables show up in the dump, and if I try to reference them I get the “is undefined in session” error.

This happens whether I go from login to store via http > http, https > https, or other combination. It’s all on the same server. I would appreciate any help in resolving this, or if anybody has a better suggestion on how to accomplish our goal, I would really appreciate that too! Again, all I want to do is have the store recognize a logged-in member as such, when they first arrive at the store home page. Thanks a lot!