Ok… now I understand. Your title and your posts above are a little misleading. It’s not that URLSessionFormat() doesn’t work (as specified in the title). Your issue is that the variables saved to the session scope get lost when you use url session only (without using cookies).
I can confirm that I see the same as you. The values saved to the session scope are getting lost or resetted when jsessionid is used as URL variable.
What happens if you use this button code for test in your test.cfm instead? Does it work as whished?
<form name="testForm" id="testForm" action="test-2.cfm;jsessionid=#session.sessionid#?varA=1&varB=2" method="post">
<input type="submit" name="seems to work" id="submit">
I’ve read the servlet 4.0 specs. There is some kind of URL-Rewrite envolved with jsessionid. It looks like the syntax for the default jsession needs to have preceding semi-colon in the URL like done above. Don’t know how this is implemented in depth with Lucee. Same issue applies when using #session.urlToken#. I’d say it’s a bug.
UPDATE: Need to correct myself. Seems to be a bug in urlsessionformat. Should we file a bug @cfmitrah?