Hardening server per Adobe document. Checked the “Disable updating ColdFusion internal cookies using ColdFusion tags/functions.” Upon doing this, one of the sites hosted on the server stopped working. Unchecked it, and the site started working again. Can’t leave it unchecked.
Trying to determine what to tell the developer of the site that stopped functioning for what they might need to modify in their code.
Adam Palcich
09/28/2022, 9:08 PM
Based on some reading on the subject, they probably need to search the code for instances where they are setting internal cookies, perhaps CFID or CFTOKEN, and then find a way to make the application work without doing that. Searching for cfcookie or cfheader might be the way to go, along with CFID and CFTOKEN.
Admittedly, I've never tried to manipulate these specific cookies, so, I could be way off, but https://stackoverflow.com/questions/44410199/how-to-uncheck-disable-updating-coldfusion-internal-cookies-programmatically sounds a little like your problem.
Hope this helps.
bdw429s
09/28/2022, 9:30 PM
@TEMann The lockdown guide is just that, a guide. Sometimes you need to use a feature in your app, and if so, note it and skip that step in the lockdown guide. Just make sure you have a valid reason for it and it's not just bad code.