Where does 'LoggedIn' get created? That's not obvious from your code.
<cfif not IsDefined("LoggedIn")>
What you should have is the page the form submits to should look up the username and password in the DB, then set the loggedin flag to true.
So probably at the top of login_form.cfm, something like:
<cfif structKeyExists(form, "un") and structKeyExists(Form, "pw")>
<CFQUERY NAME="q_permissions" DATASOURCE="family">
SELECT permissions.* FROM permissions
WHERE un = <cfqueryparam value="#form.un#" CFSQLType="CF_SQL_VARCHAR">
AND pw = <cfqueryparam value="#form.pw#" CFSQLType="CF_SQL_VARCHAR">
</CFQUERY>
<cfif q_permissions.recordCount EQ 1>
<!--- user can be logged in --->
<cfset LoggedIn = true>
<cflocation url="index.cfm">
</cfif>
</cfif>
(although ideally you'd be hashing your passwords not storing them as plaintext, right?)
This code is redundant:
<CFSET URL="http://" & cgi.server_name & ":" & cgi.server_port & cgi.script_name>
<CFIF cgi.query_string IS NOT " ">
<CFSET URL=url & "?#cgi.query_string#">
</CFIF>
<CFOUTPUT>
<FORM
ACTION="#url#"
METHOD="post">
Just use an empty action attribute, it'll do the same thing (of submitting to the current URL).
<FORM
ACTION=""
METHOD="post">