One workaround is to just quickly discard the sessions of those who aren't logged in. This doesn't reduce the overhead of creating new sessions if that's heavy in your app, but it does save memory over time. I'm doing this in a few big apps to not keep sessions around for spiders and the like. You could use a variation of this to quickly expire non-logged in visitors.
Near the top of your Application.cfc:
<!--- save memory by expiring non-user sessions quickly --->
<cfif structKeyExists(cookie, "CFID")>
<!--- 7 days for normal users --->
<cfset THIS.sessionTimeOut = CreateTimeSpan(7, 0, 0, 0) />
<cfelse>
<!--- 30 sec short session for agents like bots that do not accept cookies --->
<cfset THIS.sessionTimeOut = CreateTimeSpan(0, 0, 0, 30) />
</cfif>
I don't remember who I got this idea from, so can't credit it correctly.