Earlier this week at the 28C3 security conference in Berlin researchers presented on a denial of service (DOS) technique that several web application platforms (PHP, ASP.NET, Node.js, Tomcat, Java's HashMap/Hashtable etc) are vulnerable to, known as hashdos.

As you are probably aware ColdFusion allows you to use the integrated J2EE sessions that are provided as part of the J2EE server (by enabling the Use J2EE session variables setting in ColdFusion Administrator).

I like to setup my development machine with different versions ColdFusion, but all with the same web root. I setup a server for each instance, so I can use the same url on different ports (eg CFMX 6 on port 8600, CFMX 7 on port 8700, etc).