Understanding the Web Application Framework

A ColdFusion application is a collection of application pages that work together. Applications can be as simple as a guest book or as sophisticated as a full Internet commerce system with catalog pages, shopping carts, and reporting. You can combine individual applications to create advanced Web systems.

The ColdFusion Web Application Framework is based on four basic components:

Application-level settings and functions
Client, Session, Application, and Server scope variables
Custom error handling
Web server security integration

With these components, you can easily combine your ColdFusion application pages to create sophisticated Web applications.

Application-level settings and functions

ColdFusion provides application-level facilities that help you control settings, variables, and features available across the entire application. After you define an application, you can use the application-level features in addition to all of the other features in ColdFusion.

You specify application-level settings in the Application.cfm and OnRequestEnd.cfm files. Application.cfm is executed when ColdFusion starts processing each page in your application, and OnRequestEnd.cfm is processed after all other processing is completed for the page.

Client, Session, Application, and Server scope variables

ColdFusion provides four variable scopes that let you to maintain data that must last beyond the scope of the current page.

Variable Scope

Description

Client
Contains variables that are available for a single client browser over multiple browser sessions in an application. Client variables are stored as cookies, database entries, or Registry values. Client variables can time out after an extended period.
You cannot access the Client scope as a data structure. You should use the Client scope prefix in the variable name, but it is not required.

Session
Contains variables that are available for a single client browser for a single browser session in an application. Session variables are stored in memory and time out after a period of inactivity or when the server shuts down.
You can access the Session scope as a data structure. You must use the Session scope prefix in the variable name.

Application
Contains variables that are available to all pages in an application for all clients. Application variables are stored in memory and time out after a period of inactivity or when the server shuts down.
You can access the Application scope as a data structure. You must use the Application scope prefix in the variable name.

Server
Contains variables that are available to all applications in a server and all clients. Server variables are stored in memory. They do not time out, and are only deleted when the server stops running.
You cannot access the Server scope as a data structure. You must use the Server scope prefix in the variable name.

Variable Scope	Description
Client	Contains variables that are available for a single client browser over multiple browser sessions in an application. Client variables are stored as cookies, database entries, or Registry values. Client variables can time out after an extended period. You cannot access the Client scope as a data structure. You should use the Client scope prefix in the variable name, but it is not required.
Session	Contains variables that are available for a single client browser for a single browser session in an application. Session variables are stored in memory and time out after a period of inactivity or when the server shuts down. You can access the Session scope as a data structure. You must use the Session scope prefix in the variable name.
Application	Contains variables that are available to all pages in an application for all clients. Application variables are stored in memory and time out after a period of inactivity or when the server shuts down. You can access the Application scope as a data structure. You must use the Application scope prefix in the variable name.
Server	Contains variables that are available to all applications in a server and all clients. Server variables are stored in memory. They do not time out, and are only deleted when the server stops running. You cannot access the Server scope as a data structure. You must use the Server scope prefix in the variable name.

ColdFusion does not attempt to automatically evaluate Application, Session, or Server variables. You must use variable prefixes with these variables, as in Session.variablename or Application.variablename. As a general rule you should prefix all these variables with their scope identifier.

ColdFusion provides locking functions to manage access to Session, Application, and Server variables. Because these variables are kept in your server's memory, you must lock them when you use them to prevent errors that arise from simultaneous access.

Caution

Understanding lock management and using locks effectively is vital to correctly using Session, Application, and Server scope variables. For more information on locking, see "Locking Code with cflock".

Custom error handling

You can use the cferror tag to display customized HTML pages when errors occur in your application. This allows you to maintain a consistent look and feel within your application even when errors occur. It also allows you to optionally suppress the display of error information.

For more information, see "Generating Custom Error Messages with cferror".

Web server security integration

You can integrate your applications with the user authentication and security provided by your Web server. In addition, the ColdFusion Server offers a security framework that controls access to applications, pages, data sources, and users. You set the bounds of a security domain using the cfauthenticate tag.

For more information, see Chapter 19, "Application Security".

Developing ColdFusion Applications
Using the Application Framework