I've got a problem. I'm working on a chat app which uses Flex, Coldfusion and FMS to log a user into the application. Here's what happens: User enters text into login form in Flex, Flex tries to connect to FMS, FMS authenticates the user via CF and Remoting and grants or denies access to the application by either accepting or rejecting the connection. So far so good, this works.
My problem is that I do not understand how I can 'hold on' to the user's session in CF so that further requests which come directly from the client (Flex > CF) can be controlled so that only users which have previously authenticated via FMS > CF are allowed to access CF's functions (such as requesting user details, sending an invite to another user and so on).
I guess my question is this: how can I put a user into a CF session when my authentication happens outside of the browser via FMS? And if I can do this, how can I control session expiration (chat sessions may last hours)?

Thanks for any advice.