Application variables

The This scope for the Application.cfc contains several built-in variables, which correspond to the attributes that you set in the cfapplication tag. You set the values of these variables in the CFC initialization code, before you define the CFC methods. You can access the variables in any method.

Note: Although Windows is case-insensitive, you must always start the Application.cfc filename with an uppercase A. Both application.cfc and Application.cfc are reserved words.

Note: If your application has an Application.cfc, and an Application.cfm or onRequestend.cfm page, ColdFusion ignores the CFM pages

The following table briefly describes the variables that you can set to control the application behavior. For more details, see the cfapplication tag.

Variable	Default	Description
name	no name	The application name. If you do not set this variable, or set it to the empty string, your CFC applies to the unnamed application scope, which is the ColdFusion J2EE servlet context. For more information on unnamed scopes see Integrating JSP and servlets in a ColdFusion application in Interoperating with JSP pages and servlets in the Developing ColdFusion Applications.
applicationTimeout	Administrator value	Life span, as a real number of days, of the application, including all Application scope variables. Use the CFML CreateTimeSpan function to generate this variable's value.
authcookie.disableupdate	False	Disable update of cfauthorization cookie using cfcookie or cfheader tag
authcookie.timeout	-1	Auth Cookie age in days.
cache.useInternalQueryCache	false	If true, ColdFusion will store cached queries in the old non-cool non-Ehcache version of the cache.
cache.querysize	Administrator value	Maximum number of queries that can be cached. To be clear, this refers to automatic caching via cachedWithin and cachedAfter in the cfquery/queryExecute tag/function. You can store as many queries as you would like using cachePut. Well, as many as your RAM will allow. Be sensible, people.
chartStyleDirectory		Application specific chart styles directory.
clientManagement	no	yes: enables client variables. no
clientStorage	Administrator value	Where Client variables are stored; can be cookie, registry, or the name of a data source.
customtagpaths	Administrator value	Contains ColdFusion custom tag paths. It is a comma delimited list with absolute path.To use this variable, select the Enable Per App Settings option in the Administrator Server > Settings page.The settings that you define here take precedence over the custom tag paths defined in the Administrator Server Settings > Mappings page for the current application.
googleMapKey		The Google Maps API key required to embed Google Maps in your web pages.
datasource		Name of the data source from which the query retrieves data.
loginStorage	cookie	Whether to store login information in the Cookie scope or the Session scope.
mappings	Administrator value	A structure that contains ColdFusion mappings. Each element in the structure consists of a key and a value. The logical path is the key and the absolute path is the value. To use this variable, select the Enable Per App Settings option in the Administrator Server Settings > Settings page.The mappings that you define here take precedence over the mappings defined in the Administrator Server Settings > Mappings page for the current application.
restSettings.cfclocation		To publish the CFCs only in a particular location, provide comma-separated list of directories where the REST CFCs are located. The directory paths can be absolute or relative.If not set, all the CFCs from the application root are published.
restSettings.skipCFCWithError		When an error occurs, continue publishing, ignoring the CFC that has caused the exception.If true, the CFC with error is ignored and the rest of the CFCs are published. By default it is false.If set to false, in case of an error, the application itself is not published. But other registered application are published.If an error occurs during application startup, the error is printed in console.Each application has separate log files for logging the issues.
sessioncookie.httponly	True	Specify whether session cookies have to be set as httponly or not. i.e. accessible only to Http requests
sessioncookie.secure	False	Specify whether session cookies have to be set as secure or not. i.e. returned on any type of connection or only secured (https) connections
sessioncookie.domain		Domain for which the cookie should be set. This should match exactly with the domain, with which application would be accessed
sessioncookie.timeout	30 years	Session Cookie age in days
sessioncookie.disableupdate	False	Disable update of cfid and cftoken cookie using cfcookie or cfheader tag
serverSideFormValidation	yes	Whether to enable validation on cfform fields when the form is submitted.
sessionManagement	no	Whether the application supports Session scope variables.
sessionTimeout	Administrator value	Life span, as a real number of days, of the user session, including all Session variables. Use the CFML CreateTimeSpan function to generate this variable's value.
setClientCookies	True	Whether to send CFID and CFTOKEN cookies to the client browser.
setDomainCookies	False	Whether to set CFID and CFTOKEN cookies for a domain (not just a host).
scriptProtect	Administrator value	Whether to protect variables fromcross-site scripting attacks.
security.antisamypolicy		Specify the location of antisamy file to be used when no antisamy policy file is passed to the getSafeHTML or isSafeHTML functions. The policy file can be relative to the Application CFC path or an absolute path can be provided.
compileextforinclude		Specify the list of allowed file extensions as a comma-separated list for the cfinclude tag. Specifying a wildcard * in the list makes any file included using the cfinclude tag to be compiled. If any file included using the cfinclude tag is not found in this list, their content will be statically included. By default, files with the cfm and cfml extensions are always compiled irrespective of this setting.
strictnumbervalidation		True/False. Default is true. The IsValid function for the integer and numeric types allowed the currency symbols at the start and commas inside the number. In ColdFusion 11, the isValid function behaves in a different way. Setting strictnumbervalidation to false makes the isValid function to behave in a way just like in the previous versions (ColdFusion 10 or earlier). Note that this setting also changes the behavior of the following tags: cfargument cfparam cfform
secureJSON	Administrator value	A Boolean value that specifies whether to add a security prefix in front of the value that a ColdFusion function returns in JSON-format in response to a remote call. The default value is the value of the Prefix serialized JSON setting in the Administrator Server Settings > Settings page (which defaults to false). You can override this value in the cffunction tag.For more information see Improving security in Ajax programming rules and techniques in the Developing ColdFusion Applications.
secureJSONPrefix	Administrator value	The security prefix to put in front of the value that a ColdFusion function returns in JSON-format in response to a remote call if the secureJSON setting is true. The default value is the value of the Prefix serialized JSON setting in the Administrator Server Settings > Settings page (which defaults to //, the JavaScript comment character).For more information see Improving security in Ajax programming rules and techniques in the Developing ColdFusion Applications.
serialization.preservecaseforstructkey	False	Boolean that determines if case for struct keys should be preserved when serializing a struct to JSON.
serialization.serializequeryas	row	Determines how queries should be serialized to JSON. Possible values are row, column, and struct.
serialization.preserveCaseForQueryColumn	false	If true, column case will be preserved.
welcomeFileList		A comma-delimited list of names of files. Tells ColdFusion not to call the onMissingTemplate method if the files are not found. Use this variable to prevent ColdFusion from invoking the onMissingTemplate handler if all of the following items are true: Your web server (for example, web.xml file) has a welcome file list with CFML pages such as index.cfm that it tries to run if a URL specifies a path ending in a directory. The web server sends a request for CFML pages the welcome list to ColdFusion without first determining if the page exists. You want to support directory browsing in directories that do not have any of the files on the welcome file list. You specify this variable only if the Application.cfc file also specifies an onMissingTemplate handler. It must have the same list of files as your web.xml welcome file list.Note: You do not need to use the welcomeFileList variable with most "pure" web servers, such as Apache. The welcomeFileList variable has to be used with most integrated web and application servers.
smtpServersettings		A struct that contains the following values: server, username, and password.If no value is specified, takes the value in the administrator.
sameformfieldsasarray	false	If the form fields have the same name, ColdFusion converts the form fields as an array instead of a list. To do this, in the Application.cfc, specify the following: this.sameformfieldsasarray = "true". Note: The empty string values will be preserved only if this is set to true.
timeout		This number represents how long an individual request can take. Timeout set using <cfsetting requesttimeout=""> overrides the timeout in the Application.cfc using this.timeout="".
debuggingIPAddresses		A list of IP addresses that need debugging.
enablerobustexception		Overrides the default administrator settings. It does not report compile-time exceptions.
javaSettings		A structure allowing you to specify Java class paths to be made available to your code. Valid keys are: loadPaths (an array of paths to include when searching for Java libraries), loadColdFusionClassPath (a boolean indicating if the default class path should be used, defaults to false), and reloadOnChange (a boolean indicating if the classpaths should be reloaded when they change, the default is false).
searchImplicitScopes	true	Allows you to enable or disable searching for an un-scoped variable in implicit scopes.

Form fields with same name

Assume that the form fields have same name. In this case, ColdFusion converts the form fields as an array instead of a list.To do this, in the Application.cfc, specify the following: this.sameformfieldsasarray = "true".The default value is false.

Enhancements made in ColdFusion (2016 release)

There is a new application setting, searchImplicitScopes. When set to false, an un-scoped variable is not searched in implicit scopes.

Enhancements made in ColdFusion 11

In ColdFusion 11, you can register application-specific datasources in Application.cfc. These datasources will be specific to that application and will not be available through the Administrator. If there is a name clash with a server-wide datasource, the one specific to the application will be given the priority.

"driver"="MSSQLServer","username"="sa","password"="password"};

this.datasources.dsn2={"driver"="MSSQLServer",url="jdbc:macromedia:sqlserver:
//localhost\MSSQL2008;databaseName=regression;;sendStringParametersAsUnicode=
false;querytimeout=0;MaxPooledStatements=1000","username"="sa","password"=
"pass"};

With a custom driver:

this.datasources.dsn3 = { "driver" = "other", "url" = "jdbc:sqlserver://localhost\MSSQL2008;databaseName=pubs;sendStringParameters
AsUnicode=false;querytimeout=0;MaxPooledStatements=1000", "username" = "sa", "password" = "S33N0Ev!l", "class"="com.microsoft.sqlserver.jdbc.SQLServerDriver"};

The following drivers are supported:

MSSQLServer
Oracle
Sybase
DB2
Informix
MySQL_DD
PostgreSQL
MSAccess
Apache Derby Embedded
Apache Derby Client
MySQL5
ODBCSocket
Other (for custom driver)

Enhancements made in ColdFusion 9.0.1

Application.cfc lets you specify data source authentication details for the data source. The data source settings can now be a string or a struct. When string, it is considered to be the data source name and authentication information is taken from the data source defined in the ColdFusion Administrator.
You can specify the authentication information using a struct value for data source. The following are the key names:

name: data source name
username: Username for the data source
password: Password for the data source
Example

<this.datasource={name='cfartgallery', username="user", password="passwd"}>

or

<this.datasource="cfartgallery">

Note: The same convention is used for ORM default data source where you can specify the data source authentication information in the ormsettings.

The following application-specific attributes have been added for Amazon S3 integration:
accessKeyId: ID for Amazon S3 account.
awsSecretKey: Secret key for S3 account.
defaultLocation:}}The default location of Amazon S3 bucket creation. A bucket on S3 storage can be in one of the following regions: {{US, EU, or US-WEST.The defaultLocation provided in the Application.cfc defines the default location for the bucket that you create. The default value is US.
Example

this.s3.accessKeyId = "key_ID";
this.s3.awsSecretKey = "secret_key";
this.s3.defaultLocation="location";
</cfscript>

Application-specific In-memory file system

You can use in-memory file system specific to applications. This enables application isolation for your virtual file system. That is, the file created in the in-memory file system by one application will not be accessible to another application.
The settings can be specified in the Application.cfc as follows:

Variable	Description
this.inmemoryfilesystem.enabled	Set the value to true to enable in-memory file system for application. This is the default setting.
this.inmemoryfilesystem.size	Specify the memory limit in MB for the in-memory file system.You can also specify the value in the ColdFusion Administrator (Server Settings > Settings > Memory Limit per Application for In-Memory Virtual File System).The lesser value is considered.