Oh. I don't use the <cfapplication> tag. In its implementation, you should not omit the encasing quotes. ColdFusion interprets values as best as it can, but just to be safe that values get translated and not lost in syntax, it would read ...sessiontimeout="#createTimeSpan( 0,0,45,0 )#" />
Personally, I use application.cfc, where you simply set the sessionManagement variable of the 'this' scope in the pseudo-constructor area (the areas outside of functions), ie:
<cfset this.name = 'myAppName' />
<cfset this.sessionManagement = true />
<cfset this.sessionTimeout = createTimeSpan( 0,0,45,0 ) />
...
<cffunction name="onApplicationStart"...
What do you mean by cookie timeout? If session management is enabled, then CF will attempt to set a cookie on the client machine which is subsequently sent back to CF on each request in order to maintain the session state. Some browsers will let you inspect those cookies. You could clear your cookies, make a request (creating and setting a new session cookie) and then inspect it to see if the timeout is set to 20 minutes from now or the intended 45.