With ColdFusion 10 CFlogin is improved and more secure. The Authorization associated with cflogin for loginstorage"cookie" is much secure. The Authorization cookie,
· Is set to have a short time to live.
· Now it expires by default on browser close and this can be configured using cookie settings discussed before.
· It is by-default set to be on HttpOnly for CF admin console. For other applications, there is provision to configure
There are however some behavioral changes. Read here for further information.