Ensures the integrity of shared data. Instantiates the following kinds of locks:

  • Exclusive - Allows single-thread access to the CFML constructs in its body. The tag body can be executed by one request at a time. No other requests can start executing code within the tag while a request has an exclusive lock. ColdFusion issues exclusive locks on a first-come, first-served basis.
  • Read-only - Allows multiple requests to access CFML constructs within the tag body concurrently. Use a read-only lock only when shared data is read and not modified. If another request has an exclusive lock on shared data, the new request waits for the exclusive lock to be released.



timeout = "time-out in seconds" 
name = "lock name" 
scope = "Application|Server|Session|Request" 
throwOnTimeout = "yes|no" 
type = "readOnly|exclusive"> 
<!--- CFML to be synchronized. ---> 

 You can specify this tag's attributes in an attributeCollection attribute whose value is a structure. Specify the structure name in the attributeCollection attribute and use the tag's attribute names as structure keys.

See also

cfapplicationcfassociatecfmessageboxUsing Persistent Data and Locking in the Developing ColdFusion Applications


ColdFusion 8: Added Request value to scope attribute.









Maximum length of time, in seconds, to wait to obtain a lock. If lock is obtained, tag execution continues. Otherwise, behavior depends on throwOnTimeout attribute value. If you set timout="0", the timeout is determined by the "Timeout Requests after x" setting in the ColdFusion Administrator Settings page, if that setting is enabled. However, if the setting is not enabled, and you set timeout="0", ColdFusion can wait indefinitely to obtain the lock.




Locks name. Mutually exclusive with the scope attribute. Only one request can execute the code within a {{cflock}}tag with a given name at a time. Cannot be an empty string.Permits synchronizing access to resources from different parts of an application. Lock names are global to a ColdFusion server. They are shared among applications and user sessions, but not clustered servers.




Locks scope. Mutually exclusive with the name attribute. Only one request in the specified scope can execute the code within this tag (or within any other cflock tag with the same lock scope) at a time.

  • Application
  • Request
  • Server
  • Session




How time-out conditions are handled:

  • yes: exception is generated for the time-out.
  • no: execution continues past this tag.




  • readOnly: lets more than one request read shared data.
  • exclusive: lets one request read or write shared data.

Limit the scope of code that updates shared data structures, files, and CFXs. Exclusive locks are required to ensure the integrity of updates, but read-only locks are faster. In a performance-sensitive application, substitute read-only locks for exclusive locks where possible, for example, when reading shared data.


ColdFusion is a multi-threaded server; it can process multiple page requests at a time. Use the cflock tag for these purposes:

  • To ensure that modifications to shared data and objects made in concurrently executing requests occur sequentially.
  • Around file manipulation constructs, to ensure that file updates do not fail because files are open for writing by other applications or tags.
  • Around CFX invocations, to ensure that ColdFusion can safely invoke CFXs that are not implemented in a thread-safe manner. (This applies only to CFXs developed in C+.) To work safely with ColdFusion, a C+ CFX that maintains and manipulates shared (global) data structures must be made thread-safe; however, this requires advanced knowledge. You can use a CFML custom tag wrapper around a CFX to make its invocation thread-safe. When you display, set, or update variables in a shared scope, use the scope attribute to identify the scope as Server, Application or Session.


deadlock is a state in which no request can execute the locked section of a page. After a deadlock occurs, neither user can break it, because all requests to the protected section of the page are blocked until the deadlock can be resolved by a lock time-out.
The cflock tag uses kernel level synchronization objects that are released automatically upon time out and/or the abnormal termination of the thread that owns them. Therefore, while processing a cflock tag, ColdFusion never deadlocks for an infinite period. However, large time-outs can block request threads for long periods, and radically decrease throughput. To prevent this, always use the minimum time-out value.Another cause of blocked request threads is inconsistent nesting of cflock tags and inconsistent naming of locks. If you nest locks, everyone accessing the locked variables must consistently nest cflock tags in the same order. Otherwise, a deadlock can occur. These examples show situations that cause deadlocks:

Example deadlock with two users

User 1

User 2

Locks the session scope.

Locks the Application scope.

Deadlock: Tries to lock the Application scope, but it is already locked by User 2.

Deadlock: Tries to lock the Session scope, but it is already locked by User 1.

The following deadlock could occur if you tried to nest an exclusive lock inside a read lock:

Example deadlock with one user

User 1

Locks the Session scope with a read lock.

Attempts to lock the Session scope with an exclusive lock.

Deadlock: Cannot lock the Session scope with an exclusive lock because the scope is already locked for reading.

The following code shows this scenario:

<cflock timeout = "60" scope = "SESSION" type = "readOnly"> 
<cflock timeout = "60" scope = "SESSION" type = "Exclusive"> 

To avoid a deadlock, everyone who nests locks must do so in a well-specified order and name the locks consistently. If you must lock access to the Server, Application, and Session scopes, do so in this order:

  1. Lock the Session scope. In the cflock tag, specify scope = "session".
  2. Lock the Application scope. In the cflock tag, specify scope = "Application".
  3. Lock the Server scope. In the cflock tag, specify scope = "server".
  4. Unlock the Server scope.
  5. Unlock the Application scope.
  6. Unlock the Session scope.

If you do not have to lock a scope, you can skip any pair of these lock/unlock steps. For example, if you do not have to lock the Server scope, you can skip Steps 3 and 4. Similar rules apply for named locks.

For more information, see the following:

  • Using Persistent Data and Locking in the Developing ColdFusion Applications.
  • Locking thread data and resource access in the Developing ColdFusion Applications (for information on locking the Request scope when you use the  cfthread  tag to create multithreaded ColdFusion applications).


This example shows how cflock can guarantee consistency of data updates to variables in the 
Application, Server, and Session scopes. ---> 

<!--- Copy the following code into an Application.cfm file in the 
application root directory. ---> 
<!---------------- Beginning of Application.cfm code ---------------> 
<!--- cfapplication defines scoping for a ColdFusion application and enables or disables 
storing of application and session variables. Put this tag in a special file called 
Application.cfm. It is run before any other ColdFusion page in its directory. ---> 

<!--- Enable session management for this application. ---> 
<cfapplication name = "ETurtle" 
sessionTimeout = #CreateTimeSpan(0,0, 0, 60)# 
sessionManagement = "yes"> 

<!--- Initialize session and application variables used by E-Turtleneck. Use session scope 
for the session variables. ---> 
<cflock scope = "Session" 
timeout = "30" type = "Exclusive"> 
<cfif NOT IsDefined("session.size")> 
<cfset session.size = ""> 
<cfif NOT IsDefined("session.color")> 
<cfset session.color = ""> 

<!--- Use an application lock for the application-wide variable that keeps track of the 
number of turtlenecks sold. For a more efficient, but more complex, way of handling 
Application scope locking, see the "Developing ColdFusion Applications"---> 
<cflock scope = "Application" timeout = "30" type = "Exclusive"> 
<cfif NOT IsDefined("application.number")> 
<cfset application.number = 0> 

<!----------------------- End of Application.cfm -----------------------> 

<h3>cflock Example</h3> 

<cfif IsDefined("form.submit")> 
<!--- The form has been submitted; process the request. ---> 
Thanks for shopping E-Turtleneck. You chose size <b>#form.size#</b>, 
color <b>#form.color#</b>.<br><br> 

<!--- Lock the code that assigns values to session variables. ----> 
<cflock scope = "Session" timeout = "30" type = "Exclusive"> 
<cfparam name = session.size Default = #form.size#> 
<cfparam name = session.color Default = #form.color#> 

<!---- Lock the code that updates the Application scope number of turtlenecks sold. ---> 
<cflock scope = "Application" timeout = "30" type = "Exclusive"> 
<cfset application.number = application.number + 1> 
E-Turtleneck has now sold #application.number# turtlenecks! 

<!--- Show the form only if it has not been submitted. ---> 
<cflock scope = "Application" timeout = "30" type = "Readonly"> 
E-Turtleneck has sold #application.number# turtlenecks to date. 

<form method="post" action="cflocktest.cfm"> 
<p>Congratulations! You selected the most comfortable turtleneck in the world. 
Please select color and size.</p> 
<table cellspacing = "2" cellpadding = "2" border = "0"> 
<td>Select a color.</td> 
<td><select type = "Text" name = "color"> 
<option>forest green 
<td>Select a size.</td> 
<td><select type = "Text" name = "size" > 
<td>Press Submit when you are finished making your selection.</td> 
<td><input type = "Submit" name = "submit" value = "Submit"> </td> 


Get help faster and easier

New user?