The This scope for the Application.cfc contains several built-in variables, which correspond to the attributes that you set in the cfapplication tag. You set the values of these variables in the CFC initialization code, before you define the CFC methods. You can access the variables in any method.

Note: Although Windows is case-insensitive, you must always start the Application.cfc filename with an uppercase A. Both application.cfc and Application.cfc are reserved words.

Note: If your application has an Application.cfc, and an Application.cfm or onRequestend.cfm page, ColdFusion ignores the CFM pages

The following table briefly describes the variables that you can set to control the application behavior. For more details, see the cfapplication tag.

Variable Default Description
name no name The application name. If you do not set this variable, or set it to the empty string, your CFC applies to the unnamed application scope, which is the ColdFusion J2EE servlet context. For more information on unnamed scopes see Integrating JSP and servlets in a ColdFusion application in Interoperating with JSP pages and servlets in the Developing ColdFusion Applications.
applicationTimeout Administrator value Life span, as a real number of days, of the application, including all Application scope variables. Use the CFML CreateTimeSpan function to generate this variable's value.
authcookie.disableupdate False Disable update of cfauthorization cookie using cfcookie or cfheader tag
authcookie.timeout -1 Auth Cookie age in days.
cache.useInternalQueryCache false If true, ColdFusion will store cached queries in the old non-cool non-Ehcache version of the cache.
cache.querysize Administrator value Maximum number of queries that can be cached. To be clear, this refers to automatic caching via cachedWithin and cachedAfter in the cfquery/queryExecute tag/function. You can store as many queries as you would like using cachePut. Well, as many as your RAM will allow. Be sensible, people.
chartStyleDirectory   Application specific chart styles directory.
clientManagement no
  • yes: enables client variables.

  • no

clientStorage Administrator value Where Client variables are stored; can be cookie, registry, or the name of a data source.
customtagpaths Administrator value Contains ColdFusion custom tag paths. It is a comma delimited list with absolute path.To use this variable, select the Enable Per App Settings option in the Administrator Server > Settings page.The settings that you define here take precedence over the custom tag paths defined in the Administrator Server Settings > Mappings page for the current application.
googleMapKey   The Google Maps API key required to embed Google Maps in your web pages.
datasource   Name of the data source from which the query retrieves data.
datasources   Struct of structs defining datasources.You can use this variable to define a datasource specific to the application . This does not register/update a datasource in ColdFusion Administrator.
loginStorage cookie Whether to store login information in the Cookie scope or the Session scope.
mappings Administrator value A structure that contains ColdFusion mappings. Each element in the structure consists of a key and a value. The logical path is the key and the absolute path is the value. To use this variable, select the Enable Per App Settings option in the Administrator Server Settings > Settings page.The mappings that you define here take precedence over the mappings defined in the Administrator Server Settings > Mappings page for the current application.
restSettings.cfclocation   To publish the CFCs only in a particular location, provide comma-separated list of directories where the REST CFCs are located. The directory paths can be absolute or relative.If not set, all the CFCs from the application root are published.
restSettings.skipCFCWithError   When an error occurs, continue publishing, ignoring the CFC that has caused the exception.If true, the CFC with error is ignored and the rest of the CFCs are published. By default it is false.If set to false, in case of an error, the application itself is not published. But other registered application are published.If an error occurs during application startup, the error is printed in console.Each application has separate log files for logging the issues.
sessioncookie.httponly True Specify whether session cookies have to be set as httponly or not. i.e. accessible only to Http requests False Specify whether session cookies have to be set as secure or not. i.e. returned on any type of connection or only secured (https) connections
sessioncookie.domain   Domain for which the cookie should be set. This should match exactly with the domain, with which application would be accessed
sessioncookie.timeout 30 years
Session Cookie age in days
sessioncookie.disableupdate False Disable update of cfid and cftoken cookie using cfcookie or cfheader tag
serverSideFormValidation yes Whether to enable validation on cfform fields when the form is submitted.
sessionManagement no Whether the application supports Session scope variables.
sessionTimeout Administrator value Life span, as a real number of days, of the user session, including all Session variables. Use the CFML CreateTimeSpan function to generate this variable's value.
setClientCookies True Whether to send CFID and CFTOKEN cookies to the client browser.
setDomainCookies False Whether to set CFID and CFTOKEN cookies for a domain (not just a host).
scriptProtect Administrator value Whether to protect variables fromcross-site scripting attacks.
security.antisamypolicy   Specify the location of antisamy file to be used when no antisamy policy file is passed to the getSafeHTML or isSafeHTML functions. The policy file can be relative to the Application CFC path or an absolute path can be provided.
compileextforinclude   Specify the list of allowed file extensions as a comma-separated list for the cfinclude tag. Specifying a wildcard * in the list makes any file included using the cfinclude tag to be compiled. If any file included using the cfinclude tag is not found in this list, their content will be statically included. By default, files with the cfm and cfml extensions are always compiled irrespective of this setting.

True/False. Default is true. The IsValid function for the integer and numeric types allowed the currency symbols at the start and commas inside the number.

In ColdFusion 11, the isValid function behaves in a different way. Setting strictnumbervalidation to false makes the isValid function to behave in a way just like in the previous versions (ColdFusion 10 or earlier). Note that this setting also changes the behavior of the following tags:

secureJSON Administrator value A Boolean value that specifies whether to add a security prefix in front of the value that a ColdFusion function returns in JSON-format in response to a remote call. The default value is the value of the Prefix serialized JSON setting in the Administrator Server Settings > Settings page (which defaults to false). You can override this value in the cffunction tag.For more information see Improving security in Ajax programming rules and techniques in the Developing ColdFusion Applications.
secureJSONPrefix Administrator value The security prefix to put in front of the value that a ColdFusion function returns in JSON-format in response to a remote call if the secureJSON setting is true. The default value is the value of the Prefix serialized JSON setting in the Administrator Server Settings > Settings page (which defaults to //, the JavaScript comment character).For more information see Improving security in Ajax programming rules and techniques in the Developing ColdFusion Applications.
serialization.preservecaseforstructkey False Boolean that determines if case for struct keys should be preserved when serializing a struct to JSON.
serialization.serializequeryas row Determines how queries should be serialized to JSON. Possible values are row, column, and struct.
serialization.preserveCaseForQueryColumn false If true, column case will be preserved.

A comma-delimited list of names of files. Tells ColdFusion not to call the onMissingTemplate method if the files are not found. Use this variable to prevent ColdFusion from invoking the onMissingTemplate handler if all of the following items are true:

  • Your web server (for example, web.xml file) has a welcome file list with CFML pages such as index.cfm that it tries to run if a URL specifies a path ending in a directory.
  • The web server sends a request for CFML pages the welcome list to ColdFusion without first determining if the page exists.
  • You want to support directory browsing in directories that do not have any of the files on the welcome file list.
    You specify this variable only if the Application.cfc file also specifies an onMissingTemplate handler. It must have the same list of files as your web.xml welcome file list.Note: You do not need to use the welcomeFileList variable with most "pure" web servers, such as Apache. The welcomeFileList variable has to be used with most integrated web and application servers.
smtpServersettings   A struct that contains the following values: server, username, and password.If no value is specified, takes the value in the administrator.
sameformfieldsasarray false If the form fields have the same name, ColdFusion converts the form fields as an array instead of a list. To do this, in the Application.cfc, specify the following: this.sameformfieldsasarray = "true". Note: The empty string values will be preserved only if this is set to true.
timeout   This number represents how long an individual request can take. Timeout set using overrides the timeout in the Application.cfc using this.timeout="".
debuggingIPAddresses   A list of IP addresses that need debugging.
enablerobustexception   Overrides the default administrator settings. It does not report compile-time exceptions.
javaSettings   A structure allowing you to specify Java class paths to be made available to your code. Valid keys are: loadPaths (an array of paths to include when searching for Java libraries), loadColdFusionClassPath (a boolean indicating if the default class path should be used, defaults to false), and reloadOnChange (a boolean indicating if the classpaths should be reloaded when they change, the default is false).
javasettings.watchInterval   Specifies the time interval in seconds after which to verify any change in the class files or JAR files. This attribute is applicable only if the reloadOnChange attribute is set to true. The default value is 60 seconds.
javasettings.watchExtensions   Specifies the extensions of the files to monitor for changes. By default, only .class and .jar files are monitored.
searchImplicitScopes true Allows you to enable or disable searching for an un-scoped variable in implicit scopes.
serialization.structmetadata   Set the data type info for a struct value. For example, if this.serialization.structmetadata = {zipcode="String"};, you need not define the data type for zipcode for the struct that contains this key. If you define the datatype for zipcode in the struct itself, then the defined datatype at struct level takes priority over the one defined in Application.cfc.

Form fields with same name

Assume that the form fields have same name. In this case, ColdFusion converts the form fields as an array instead of a list.To do this, in the Application.cfc, specify the following: this.sameformfieldsasarray = "true".The default value is false.

Enhancements made in ColdFusion (2016 release)

serialization.structmetadata that defines the datatype for a struct key.

There is a new application setting, searchImplicitScopes. When set to false, an un-scoped variable is not searched in implicit scopes.

Enhancements made in ColdFusion 11

In ColdFusion 11, you can register application-specific datasources in Application.cfc. These datasources will be specific to that application and will not be available through the Administrator. If there is a name clash with a server-wide datasource, the one specific to the application will be given the priority. 


With a custom driver:

this.datasources.dsn3 = { 
    "driver" = "other", 
    "username" = "sa", 
    "password" = "S33N0Ev!l",             


The following drivers are supported:

  • MSSQLServer
  • Oracle
  • Sybase
  • DB2
  • Informix
  • MySQL_DD
  • PostgreSQL
  • MSAccess
  • Apache Derby Embedded
  • Apache Derby Client

  • MySQL5

  • ODBCSocket

  • Other (for custom driver)

Use this.datasources as shown in the examples below.

// Application.cfc
component { = "DSNTest";
        this.datasources = { 
                mssql_app = { 
                    database = "<DBName>", 
                    host = "<HostNameOrIP>", 
                    port = "<portNumber>", 
                    driver = "MSSQLServer", 
                    username = "username", 
                    password = "password" } 
        this.datasource = "mssql_app";
<!--- query.cfm --->
    employees = queryExecute("SELECT * FROM TableName ",[], {datasource="mssql_app"});

Enhancements made in ColdFusion 9.0.1

Application.cfc lets you specify data source authentication details for the data source. The data source settings can now be a string or a struct. When string, it is considered to be the data source name and authentication information is taken from the data source defined in the ColdFusion Administrator.
You can specify the authentication information using a struct value for data source. The following are the key names:

  • name: data source name
  • username: Username for the data source
  • password: Password for the data source

    <this.datasource={name='cfartgallery', username="user", password="passwd"}>



    Note: The same convention is used for ORM default data source where you can specify the data source authentication information in the ormsettings.

    The following application-specific attributes have been added for Amazon S3 integration:

  • accessKeyId: ID for Amazon S3 account.
  • awsSecretKey: Secret key for S3 account.
  • defaultLocation:}}The default location of Amazon S3 bucket creation. A bucket on S3 storage can be in one of the following regions: {{US, EU, or US-WEST.The defaultLocation provided in the Application.cfc defines the default location for the bucket that you create. The default value is US.

    this.s3.accessKeyId = "key_ID";
    this.s3.awsSecretKey = "secret_key";

Application-specific In-memory file system

You can use in-memory file system specific to applications. This enables application isolation for your virtual file system. That is, the file created in the in-memory file system by one application will not be accessible to another application.
The settings can be specified in the Application.cfc as follows:




Set the value to true to enable in-memory file system for application. This is the default setting.


Specify the memory limit in MB for the in-memory file system.You can also specify the value in the ColdFusion Administrator (Server Settings > Settings > Memory Limit per Application for In-Memory Virtual File System).The lesser value is considered.

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices   |   Online Privacy Policy