That was pretty much what I thought I was doing, but I had the whole situation confused. I solved it because I realised that ASP uses a completely different format of SESSION ID in two ways, i.e. session.sessionid brings back a different ID to that supplied through the HTTP Header and the cookie ID.
Simply put, if I set the sessionID being passed to ASP as a cookie then the ASP uses that, if I dont supply one, ASP creates one, which you can recover in CFM by looking at the returned header after the CFHTTP.
So to solve it, I had to do a call to a pretty much empty ASP script using CFHTTP, that returns a http header with a new cookie with the session ID (found by looking at the cookie "SET-COOKIE" and extracting the cookie marked ASPSESSIONIDblah blah..
Now I have it, I then use CFHTTPPARAM of type cookie on my next call to the real ASP script I want. The ASP script picks this up and so does the COM object which needs it.
On the next time to the first CFM page, I just check if I need a new cookie/sessionid or not and dont do the initial CFHTTP if it's not the first time around.
I got to be fair, though it works it is completely full of server overheads and would make more sense if it the ASP was converted to CFM in this case, but I dont have that luxury at the moment.
Thanks for the suggestion