After the login, the sessions are visible. You can see them in the querystring and so on. But if the page is reloaded, or a link is clicked the session is destroyed.

At the top of the page we have this conditional. The page has a fully qualified URL. I am removing for this post only.
<%
if session("AffiliateID") = "" then Response.Redirect "https://removed/login.asp"
%>
<body>
basic HTML
</body>



Now if this page is reloaded the session is destroyed and they are forced to login in again.
Any idea why this is happening?