My bad, I meant to type <cfdump> not <cfoutput> (yeah, you cannot output complex objects).
But it does sound like you're having an issue with CF-related login functionality. Your session information staying put shows that your browser is accepting the cookie information, and it is persisting across requests. That is good. But it sounds to me like your issue now has to do with using CF's login (or are you manually just setting data into the Session scope and assuming that is a "logged in" status?)
You state the page you had create had "All the sessions listed", but it should only be showing 1 session's worth of data. A session is equivalant to your cookie's data from the server side. For example.
CFID of 1 = User A's session scope data
CFID of 2 = User B's session scope data
etc.
Of course, that's an oversimplification of the process. CF uses the combination of CFID/CFTOKEN to determine this.
I'm assuming you've placed data into the SESSION scope, and then are saying that after 10 minutes, this data no longer shows, and all you see are the CFID/CFTOKEN, etc? Is that correct? If that is the data you see, are the CFID/CFTOKEN still the correct values? (ie, not changed)
If that's true, then the issue is you're executing code which is "Logging you out" (but not messing with your actual session at all). In this event, sure, your session scope is losing variables in it, and the end result is you are seen as being logged out of your app, but the actual session is not being "rotated" (old expires and you're issued a new one). Please verify this information before moving on. It almost sounds to me like you have possible faulty logic that is executing and "logging you out", even though the session is still the same.
