For example I was trying to do a login and implementing the cflogin on a cfc. When I returned to my template, my cfauthorization variable was set on session, but my isAuthUser() was returning blank.
After an hour of basically playing around, I returned the cflogin to the Application.cfc and wallah. The security functions return values. So that's a relief.
So if you want to implement a cflogin security, make sure you are calling the cflogin tag on every request, in order for the security variables to take effect.