Before you develop a ColdFusion application, determine how to structure the application and how to handle application-wide needs and issues. In particular, consider all of the following:

  • The overall application framework
  • Reusable application elements
  • Shared variables
  • Application events and the Application.cfc file
  • Application-level settings and functions
  • Application security and user identification

The application framework

The application framework is the overall structure of the application and how your directory structure and application pages reflect that structure. Use a single application framework to structure multiple ColdFusion applications into a single website or Internet application. You can structure a ColdFusion application by using many methodologies. For example, the Fusebox application development methodology is one popular framework for developing ColdFusion web applications. (For more information on Fusebox, see
Information on how to use or develop a specific application framework is not provided. However, there is information about the tools that ColdFusion provides for building your framework, including the Application.cfc file, how an application's directory structure affects the application, and how you map the directory structure. For more information on mapping the application framework, see Structuring an application.

Reusable application elements

ColdFusion provides a variety of reusable elements that you use to provide commonly used functionality and extend CFML. These elements include the following:

  • User-defined functions (UDFs)
  • CFML custom tags
  • ColdFusion components (CFCs)
  • CFX (ColdFusion Extension) tags
  • Pages that you include using the cfinclude tag
    For an overview of these elements, and information about how to choose among them, see Creating ColdFusion Elements.

Shared variables

The following ColdFusion variable scopes maintain data that lasts beyond the scope of the current HTTP request:

Variable scope Variables available
Server To all applications on a server and all clients
Application To all pages in an application for all clients
Client For a single client browser over multiple browser sessions in one application
Session For a single client browser for a single browser session in one application

For more information on using these variables, including how to use locks to ensure that the data they contain remains accurate, see Using Persistent Data and Locking.

Application events and the Application.cfc file

Application events are specific occurrences during the life cycle of an application. Each time one of these events occurs, ColdFusion runs the corresponding method in your Application.cfc file (also referred to as the application CFC). The Application.cfc file defines application settings and implements methods to handle the application events. 
Implement application CFC methods to handle the following events:

Event Trigger
Application start ColdFusion starts processing the first request for a page in an application that is not running.
Application end An application time-out setting is reached or the server shuts down.
Session start A new session is created as a result of a request that is not in an existing session.
Session end A session time-out setting is reached.
Request start ColdFusion receives a request, including HTTP requests, messages to the event gateway, SOAP requests, or Flash Remoting requests.
Request Immediately after ColdFusion finishes processing the request start event. The handler for this event is intended for use as a filter for the request contents. For more information on the differences between request start and request events, see Managing requests in Application.cfc in Defining the application and its event handlers in Application.cfc.
Request end
ColdFusion finishes processing all pages and CFCs for the request.
Exceptions An exception occurs that is not handled in a try/catch block.

The Application.cfc file also defines application-wide settings, including the application name and whether the application supports Session variables.
For more information on using application events and the Application.cfc file, see Defining the application and its event handlers in Application.cfc.

Other application-level settings and functions

Adobe recommends that when defining application-level settings, variables, and functions in new code, you do not use the techniques used previous to ColdFusion MX 7. Instead, use the Application.cfc file and its variables and methods, which provide more features and include logical, hierarchical structure. 
If you do not have an Application.cfc file, ColdFusion processes the following two pages, if they are available, every time it processes any page in the application:

  • The Application.cfm page is processed before each page in the application.
  • The OnRequestEnd.cfm page is processed after each page in the application.


UNIX systems are case-sensitive. To ensure that your pages work on UNIX, always capitalize the A in Application.cfm and the O, R, and E in OnRequestEnd.cfm.

The Application.cfm page can define the application. It can contain the cfapplication tag that specifies the application name, and code on this page is processed for all pages in the application. This page can define application-level settings, functions, and features.
The OnRequestEnd.cfm page is used in fewer applications than the Application.cfm page. It lets you provide common clean-up code that gets processed after all application pages, or specify dynamic footer pages.


The OnRequestEnd.cfm page does not execute if the page runs a cflocation_ tag._

For more information on the Application.cfm and OnRequestEnd.cfm pages, see Using an Application.cfm page. For information on placing these pages in the application directory structure, see Structuring an application.


You can create a ColdFusion application without using an Application.cfc, Application.cfm, or OnRequestEnd.cfm page. However, it is much easier to use the Application.cfm page than to have each page in the application use a cfapplication tag and define common application elements.

Specifying settings per application

Set the following on a per-application basis:

  • Mappings
  • Custom tag paths
    These settings override the server-side settings in the ColdFusion Administrator for the specified application only. Specifying per application settings does not change the server-wide settings. To set per-application settings, first enable per-application settings on the Settings page of the ColdFusion Administrator. You then set the mappings or custom tag paths in the Application.cfc file.
    Custom Tags in per-application settings override those defined in the ColdFusion Administrator. For example, if you have two custom tags of the same name and they are in different locations in the Administrator and per-application settings, the one in the per-application settings is taken first.


Per-application settings are supported in applications that use an Application.cfc file only, not in applications that use an Application.cfm file. The per-application settings do not work if you have disabled application variables in the Memory Variables page of the Administrator.

Set the mappings per application

  1. Check the Enable Per App Settings option on the Settings page of the ColdFusion Administrator.

  2. Include code like the following in your Application.cfc file:

    <cfset THIS.mappings["/MyMap"]="c:\inetpub\myStuff">


    <cfset StructInsert(THIS.mappings, "/MyMap", "c:\inetpub\myStuff")>

    (To use the second format, you must first create a THIS.mappings structure.)

Set the custom tag paths per application

  1. Check the Enable Per App Settings option on the Settings page of the ColdFusion Administrator.

  2. Include code like the following in your Application.cfc file:

    <cfset customtagpaths = ListAppend(customtagpaths,"c:\mapped3")>
    <cfset This.customtagpaths = customtagpaths>

Application security and user identification

All applications must ensure that malicious users cannot make improper use of their resources. Additionally, many applications require user identification, typically to control the portions of a site that the user accesses, to control the operations that the user performs, or to provide user-specific content. ColdFusion provides the following forms of application security to address these issues:

  • Resource (file and directory-based) security Limits the ColdFusion resources, such as tags, functions, and data sources that application pages, in particular directories, access. Consider the resource security needs of your application when you design the application directory structure.
  • User (programmatic) security Provides an authentication (login) mechanism and a role-based authorization mechanism to ensure that users only access and use selected features of the application. User security also incorporates a user ID, which you use to customize page content. To implement user security, you include security code, such as the cflogin and cfloginuser tags, in your application.For more on implementing security, see Securing Applications.

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices   |   Online Privacy Policy