I've tried to reproduce your issue and I see two cookies, DropZone
which is in fact the default cookie name you've configured plus the other cookie Users[rememberMe]
which is used by the plugin.
http://book.cakephp.org/2.0/en/development/sessions.html#built-in-session-handlers-configuration
Mine is correctly set. Also let me explain what your Cookie string means:
Set-Cookie: DropZone=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
This says that your cookie named DropZone has been deleted. The next line creates it with the given settings:
Set-Cookie: DropZone=spackr9fhhgod0lqk9glh3ch44; expires=Tue, 28-Jan-2014 23:01:37 GMT;path=/; secure; HttpOnly
The behaviour here is correct I think, it deletes the cookie and renews it.
This cookie is definitely not coming from the users plugin as long as you haven't changed the name in the components setting to DropZone as well. So you should see two cookies.
Here is the related Github Issue: https://github.com/CakeDC/users/issues/154