I use the macro <TEMACRO Sessionkey> to return the 
current session key to the Cold Fusion page I call screen 
surfer from.  Later in another transaction I specify a 
Task.SessionRequired=1 which works because it fails if I 
don't pass in SessionKey (which it checks for as 
web.sessionkey in the control.stml file you provided)  
However as long as I pass a session key (even a bogus one 
for example 12345) the getsession gives me access to where 
the last transaction left off.  This is very undesirable 
because I'm working on online ticket ordering and with how 
it is currently working the result is that user1 can select 
a particular set of tickets and then user2 selects another 
distinct set of tickets and then user2 buys the tickets but 
gets the tickets that were associated with user1 because the 
GETSESSION is validating user2's sessionkey as user1... and 
similarily then if user1 clicks to buy the tickets they get 
user2's tickets.

This is very unlikely behavior, as the sessionkey is the 
only way of reconnecting a calling user to a session, and 
this is very heavily tested code that hasn't been touched 
in a very long time.

Please check the trace of the control.stml file, which is 
probably the source of any bug here--it might be ignoring 
that the sessionkey is bogus, then do a TEACTION CONNECT 
that due to a TEACTION RELEASE KEEPOPEN could get a 
transaction in progress.

If you'd like help in diagnosing this, please compile with 
trace and send us the /screensurfer/hostserver/templates.log 
file to surfer@ie.com and we can figure-out what is 
happening.

To reproduce completely, compile for trace, open a 
transaction then pass in the bogus sessionkey that picks-up 
the prior session...

I've just sent the requested files.  What I did was have
two sessions open each with unique session keys.  However 
session2 picked up where session1 left off and session1 
picked up where session2 left off which was incorrect.  The 
end result was that session2 got session1's tickets and 
session1 got session2's tickets.