Before you develop a ColdFusion application, determine how to structure the application and how to handle application-wide needs and issues. In particular, consider all of the following:
- The overall application framework
- Reusable application elements
- Shared variables
- Application events and the Application.cfc file
- Application-level settings and functions
- Application security and user identification
The application framework is the overall structure of the application and how your directory structure and application pages reflect that structure. Use a single application framework to structure multiple ColdFusion applications into a single website or Internet application. You can structure a ColdFusion application by using many methodologies. For example, the Fusebox application development methodology is one popular framework for developing ColdFusion web applications. (For more information on Fusebox, see www.fusebox.org.)
Information on how to use or develop a specific application framework is not provided. However, there is information about the tools that ColdFusion provides for building your framework, including the Application.cfc file, how an application's directory structure affects the application, and how you map the directory structure. For more information on mapping the application framework, see Structuring an application.
ColdFusion provides a variety of reusable elements that you use to provide commonly used functionality and extend CFML. These elements include the following:
The following ColdFusion variable scopes maintain data that lasts beyond the scope of the current HTTP request:
|Variable scope||Variables available|
|Server||To all applications on a server and all clients|
|Application||To all pages in an application for all clients|
|Client||For a single client browser over multiple browser sessions in one application|
|Session||For a single client browser for a single browser session in one application|
For more information on using these variables, including how to use locks to ensure that the data they contain remains accurate, see Using Persistent Data and Locking.
Application events are specific occurrences during the life cycle of an application. Each time one of these events occurs, ColdFusion runs the corresponding method in your Application.cfc file (also referred to as the application CFC). The Application.cfc file defines application settings and implements methods to handle the application events.
Implement application CFC methods to handle the following events:
|Application start||ColdFusion starts processing the first request for a page in an application that is not running.|
|Application end||An application time-out setting is reached or the server shuts down.|
|Session start||A new session is created as a result of a request that is not in an existing session.|
|Session end||A session time-out setting is reached.|
|Request start||ColdFusion receives a request, including HTTP requests, messages to the event gateway, SOAP requests, or Flash Remoting requests.|
|Request||Immediately after ColdFusion finishes processing the request start event. The handler for this event is intended for use as a filter for the request contents. For more information on the differences between request start and request events, see Managing requests in Application.cfc in Defining the application and its event handlers in Application.cfc.|
||ColdFusion finishes processing all pages and CFCs for the request.|
|Exceptions||An exception occurs that is not handled in a try/catch block.|
The Application.cfc file also defines application-wide settings, including the application name and whether the application supports Session variables.
For more information on using application events and the Application.cfc file, see Defining the application and its event handlers in Application.cfc.
Adobe recommends that when defining application-level settings, variables, and functions in new code, you do not use the techniques used
If you do not have an Application.cfc file, ColdFusion processes the following two pages, if they are available, every time it processes any page in the application:
- The Application.cfm page is processed before each page in the application.
- The OnRequestEnd.cfm page is processed after each page in the application.
UNIX systems are case-sensitive. To ensure that your pages work on UNIX, always capitalize the A in Application.cfm and the O, R, and E in OnRequestEnd.cfm.
The Application.cfm page can define the application. It can contain the
The OnRequestEnd.cfm page is used in fewer applications than the Application.cfm page. It lets you provide common clean-up code that gets processed after all application
The OnRequestEnd.cfm page does not execute if the page runs a cflocation tag.
You can create a ColdFusion application without using an Application.cfc, Application.cfm, or OnRequestEnd.cfm page. However, it is much easier to use the Application.cfm page than to have each page in the application use a cfapplication tag and define common application elements.
Set the following on a per-application basis:
- Custom tag paths
These settings override the server-side settings in the ColdFusion Administrator for the specified application only. Specifying per application settings does not change the server-wide settings. To set per-application settings, first enable per-application settings on the Settings page of the ColdFusion Administrator. You then set the mappings or custom tag paths in the Application.cfc file.
Custom Tags in per-application settings override those defined in the ColdFusion Administrator. For example, if you have two custom tags of the same name and they are in different locations in the Administrator and per-application settings, the one in the per-application settings is taken first.
Per-application settings are supported in applications that use an Application.cfc file only, not in applications that use an Application.cfm file. The per-application settings do not work if you have disabled application variables in the Memory Variables page of the Administrator.
All applications must ensure that malicious users cannot make improper use of their resources. Additionally, many applications require user identification, typically to control the portions of a site that the user accesses, to control the operations that the user performs, or to provide user-specific content. ColdFusion provides the following forms of application security to address these issues:
- Resource (file and directory-based) security Limits the ColdFusion resources, such as tags, functions, and data sources that application pages, in particular directories, access. Consider the resource security needs of your application when you design the application directory structure.
- User (programmatic) security Provides an authentication (login) mechanism and a role-based authorization mechanism to ensure that users only access and use selected features of the application. User security also incorporates a user ID, which you use to customize page content. To implement user security, you include
securitycode, such as the cfloginand cfloginusertags, in your application.For more on implementing security, see Securing Applications.