One of the clever things you can do to personalize your site is to give individuals or clients or affiliates (or your dog) a custom URL. For example, if I wanted to give my dog his own url on my "coldfusionmuse.com" domain I could create "Nicholos.coldfusionmuse.com". Now, unless you want to spend most of your time entering CNAME or A records into your DNS server I suggest the following:
While we cannot alter the automatic process that sets the CFID and CFTOKEN variables - we can manipulate these cookies to make them visible across sub domains. Here are the steps:
How does it work? Well... when I first go to "www.coldfusionmuse.com" the server checks to see if I have a session. It does this by looking for the CFID and CFTOKEN (or JSESSIONID) in the url, form and cookie scopes. Finding none, it creates a CFID and CFTOKEN for me in the session scope. With clientcookies turned off, the application, in effect, says, "Ok, the rest is up to you fancy pants developers out there. Manage the session yourself if you like". Without cookie code or url parameters the site would actually treat each new request as a brand new session. That's the effect of both not allowing cookies and allowing session management.
When you copy the session keys into the cookie scope and make them visible to sub domains you cut into this process at the initial step - when the server is searching the scopes for a session. It sees your keys and says "aha! this is what I'm looking for." Then it uses them to check memory for that particular application to see if there is a match and Viola! ... your session is restored. It's a hack - but it's kind of nifty in a way.