I also just noticed that in CF11 when setDomainCookies = true (as described above), the CFID value is a really long string like this:
Z878pt2v0jgtx8yvvdf8rr3ifl19dswl61juevwo42y6ibcn65-1168 instead of the normal short, numeric value. Also, this CFID closely matches the value for the CFTOKEN cookie: Z878pt2v0jgtx8yvvdf8rr3ifl19dswl61juevwo42y6ibcn65-59bcdaab076aa06-2997ED3A-C291-54C7-53D0BF27179FEDC9. Looks like there's just a long (and same) prefix in both cookies... never seen this before.
When I set setDomainCookies = false, the CFID cookie goes back to the normal short numeric value (no prefix).
Thought it might be worth menitoning...
Not sure if it's related but i'm experiencing some weirdness with cflogin and loginStorage="session" also.
In some case i need to log-in twice for the login to "stick" (on the first login i only get to see one page, all following request get me back to the login form).
It seem to be linked to login/session timeouts but i can't figure out why...
Well no, all i was able to do is switch to loginStorage="Cookie", and use large session timeout to workaround the pain...
Here is the related thread