In ColdFusion 9.0.2 and earlier, people needed to modify ColdFusion session cookies for adding additional cookie attributes. With ColdFusion 10, this is no longer required. (For details see here).
So now while migrating to ColdFusion 10, this code needs to be updated. Let's see the scenario when this code is left out. The behavior is unknown. To avoid this, ColdFusion 10 comes with another setting -
Settings -> Memory Variables -> Session Cookie Settings -> Disable updating ColdFusion internal cookies using ColdFusion tags/functions
It can also be set using Application.cfm/cfc. See this entry for details.
When enabled this will prevent CFCookie and CFHeader tags to update ColdFusion session and authorization cookies.
There is one more enhancement done for cfcookie/cfheader - In previous versions, cookie value was always encoded. However this might cause issues with a cookie value expected with some extra characters. Now you can use new attribute "preservecase" and "encodevalue" for CFCookie tag and "encoded" attribute for CFHeader tag when type=cookie.