I can't imagine how setting calling event.setLayout() would affect this
since that method only has two lines of code that set two variables.
Without seeing all the code, it's hard to tell, but are you by chance
manually calling the init() method in your authentication.cfc anywhere.
According to the stack trace, the framework had just created an instance
of your authentication handler and was calling its init method-- part of
which includes the UDF file in your settings. If Init is getting called
twice it may be trying to include stuff twice.
Of course, this doesn't really explain why the error seems tied to the
existence of your security interceptor. Is this security interceptor
one of your making or the built-in ColdBox security?