I'm not sure if this will solve your problem but there are a few things to consider when you submit a form remotely.
First, is that you do not know what logic resides behind the form so you should submit EVERYTHING in the form in case the handler needs it for something. If it expects a form field that you did not submit, an error will occur and you will not get logged in.
Second, you could technically consider your actions, although perfectly legitimate for your use, a bot or hack. The target website could be looking to make sure the handler is actually being accessed by the form. They could be looking at the HTTP_REFERER or they could even be doing some more fancy stuff like looking at the duration of your session because no HUMAN could submit a form in .0001 seconds. In these cases you're likely not to get logged in at all unless you discover a flaw in their security logic.
Third, part of securing the site some logic also looks at the client to make sure you're a real browser. The default value of the userAgent attribute is "COLDFUSION". If the target is expecting something longer, or contains a valid browser name, the script would assume you are a bot and reject the request. The solution for this is easy though. Just put a good browser name in your userAgent attribute. You can get yours by dumping the cgi scope. The problem with this is that you should maintain it some how so you're not trying to use an old browser 5 years from now and the target says 'Sorry, chum. We don't support IE6 any more...'
<cfhttp userAgent = "Mozilla/4.0 (compatible; MSIE 7.0; {...}" ...>