You are setting session timeout in the application to 10 seconds. It will time out after this amount of time, which is probably around the time you take to navigate after signing in.
It is just a tryings to prevent this misunderstandable actions. Previously it was 20 minuts. All in all it works , but nothing was changed in passing the variables betwenn page, There are no variable " Session.user "
I see no need for the following code:
<cfif structkeyexists(session, "loggedIn")>
<cfset session.loggedIn = "yes">
<cfset session.loggedIn = "no">
In fact, there might a problem with the design. When the user comes in at the start, structkeyexists(session, "loggedIn") is No. This code sets session.loggedIn to No. But by doing so, the code makes structkeyexists(session, "loggedIn") to become true. And, because structkeyexists(session, "loggedIn") is true at the next request, session.loggedIn will be Yes! In this way, the user goes from no defined session to a logged-in session without having filled the login form.
I would delete this code. I would then change the logic for showing the form to:
<cfif structkeyexists(session, "loggedIn") is "no" or session.loggedIn is "no">
On a different note, tighten your security with:
WHERE login=<cfqueryparam value="#form.login#" cfsqltype="CF_SQL_VARCHAR">