Defines application level variables and event handlers (functions invoked at various application lifecycle events).

component {"myApp"; }

Application.cfc String

Name of application. Up to 64 characters

this.loginStorage String
Default: cookie

cookie: store login information in the Cookie scope.
session: store login information in the Session scope.
  • cookie
  • session

this.clientManagement boolean
Default: NO

enables client variables

this.clientStorage String
Default: registry

How client variables are stored
* datasource_name: in ODBC or native data source.
You must create storage repository in the
* registry: in the system registry.
* cookie: on client computer in a cookie. Scalable.
If client disables cookies in the browser, client
variables do not work
  • cookie
  • registry
  • datasource_name

this.setClientCookies boolean
Default: YES

No: CFML does not automatically send CFID and CFTOKEN
cookies to client browser; you must manually code CFID and
CFTOKEN on the URL for every page that uses Session or
Client variables

this.sessionManagement boolean
Default: NO

enables session variables

this.sessionTimeout Timespan

Lifespan of session variables. CreateTimeSpan function and
values in days, hours, minutes, and seconds, separated by

this.applicationTimeout Timespan

Lifespan of application variables. CreateTimeSpan function
and values in days, hours, minutes, and seconds, separated
by commas.

this.setDomainCookies boolean
Default: NO

Yes: Sets CFID and CFTOKEN cookies for a domain (not a host)
Required, for applications running on clusters.

this.scriptProtect String

Specifies whether to attempt to protect variables from cross-site scripting attacks.
- none: do not protect variables
- all: protect Form, URL, CGI, and Cookie variables
- comma-delimited list of ColdFusion scopes: protect variables in the specified scopes
  • none
  • all
  • form
  • url
  • cookie
  • cgi
  • form,url
  • form,url,cookie
  • form,url,cookie,cgi

this.secureJSONPrefix String

CF 8+ The security prefix to put in front of the value that a ColdFusion function returns in JSON-format
in response to a remote call if the secureJSON setting is true.

this.secureJSON Boolean

CF 8+ A Boolean value that specifies whether to add a security prefix in front of any value that a ColdFusion function returns in JSON-format
in response to a remote call.

this.customTagPaths String

CF 8+ A file path to a directory containing custom tags.

this.mappings Struct

CF 8+ A structure of application mappings where they key is the mapping and the value is the directory path.

this.welcomeFileList String

CF 8+ A comma seperated list of file names that will skip onMissingTemplate invocation - typically only necessary if you are using a builtin web server like Tomcat or JRun.

this.serverSideFormValidation Boolean

CF 9+ Enable/Disable ColdFusion‚ server side validation on CFFORM.

this.googleMapKey String

CF 9+ the google maps api when cfmap is used.

this.datasource String

CF 9+ Defines the default datasource for the application. As of CF 9.0.1+ it can also accept a struct with keys: name, username, password.

this.s3 Struct

CF 9+ A struct with keys accessKeyId, awsSecretKey and defaultLocation.

this.ormEnabled boolean
Default: false

CF 9+ Set to true if you want to use ORM.

this.ormSettings Struct

CF 9+ A struct with various Hibernate / ORM configuration options. For details see:

this.smtpServerSettings Struct

CF 9+ A struct with possible keys: server, username and password.

this.timeout Numeric

CF 9+ The default request timeout in seconds for requests within the application. Can be overridden by the cfsetting tag.

this.debuggingIPAddresses String

CF 9+ A list of IP addresses which show debugging output when debugging is enabled in the Administrator.

this.enableRobustException boolean

CF 9+ Overrides the value of the ColdFusion Administrator checkbox "Enable Robust Exception Information" for the application.

this.sessioncookie.httpOnly boolean
Default: true

CF 10+ Specifies if the session cookies (CFID/CFTOKEN) should have the HTTPOnly cookie flag set. This prevents the cookie value from being read from JavaScript. boolean
Default: false

CF 10+ Specifies if the session cookies (CFID/CFTOKEN) should have the secure cookie flag set. When true the cookies are only sent over a secure transport (eg HTTPS).

this.sessioncookie.domain string
Default: false

CF 10+ Specifies the cookie domain the session cookies (CFID/CFTOKEN).

this.sessioncookie.timeout string
Default: 30 years

CF 10+ Specifies the expires value of the session cookies (CFID/CFTOKEN), in days. Set to -1 for browser session cookies.

this.sessioncookie.disableUpdate boolean
Default: false

CF 10+ Prevents the session cookies (CFID/CFTOKEN), from being updated by cfcookie or cfheader tags.

this.javaSettings.loadPaths array

CF 10+ An array of paths containing jar files or java classes.

this.javaSettings.loadColdFusionClassPath boolean
Default: false

CF 10+ Loads the classes using ColdFusions classloader.

this.javaSettings.reloadOnChange boolean
Default: false

CF 10+ Watches the files specified in loadPaths and reloads classes on change.

this.wschannels array
Default: false

CF 10+ An array of structs used to define WebSocket communication channels. Example available below.

this.compileExtForInclude boolean
Default: cfm,cfml

CF 11+ When cfinclude is invoked only file extensions in this list are compiled and executed as CFML, otherwise they are statically included as a string for improved performance and security. You can use * as a wildcard for all. String

CF 11+ Path to an AntiSamy XML policy file for use with isSafeHTML and getSafeHTML functions.

this.strictNumberValidation boolean
Default: true

CF 11+ Makes isValid, cfargument, cfparam, and cfform more strict with reguard to how the treat integer or numeric validation when the string contains a currency.

this.inMemoryFileSystem.enabled boolean

CF 11+ Enables or disables in memory file system.

this.inMemoryFileSystem.size numeric

CF 11+ Memory limit in MB for the in memory file system.

this.datasources struct

CF 11+ Create multiple an application specific datasources. This value is a structure whos keys are the name of the datasource to be created, and the values are another structure with keys such as: database, driver, host, username, password, url. Lucee / Railo also support this setting, but are configured with keys class, connectionString, username, password

this.serialization.preserveCaseForStructKey boolean
Default: true

CF 11+ Preserves the case of your variable names when generating json using the serializeJSON function.

this.customSerializer numeric

this.locale string
Default: en_US

Lucee 4+ The default locale used for formatting dates, numbers.

this.timezone string

Lucee 4+ The default timezone used for date handling.
  • America/Chicago
  • America/New_York
  • UTC

this.sessionType string

Lucee 4+ Use cfml or jee based sessions.
  • cfml
  • jee

this.sessionStorage string
Default: memory

Lucee 4+ The name of the storage provider for session variables.

this.localeMode string
Default: classic

Lucee 4+ Defines how the local scope of a function is invoked when a variable with no scope definition is used. When classic the local scope is only invoked when the key already exists in it, with modern the local scope is always assumed on unscoped variables.
  • classic
  • modern

this.scopeCascading string
Default: standard

Lucee 4+ Depending on this setting Lucee scans certain scopes to find a variable when the variable is called without a scope (For Example: #myVar# instead of #variables.myVar#). When strict, only scans the variables scope, small only scans variables, url, and form scopes. When standard (the ColdFusion standard way) scans all scopes: variables,cgi,url,form,cookie
  • standard
  • strict
  • small

this.typeChecking boolean

Lucee 4+ If set to false Lucee ignores type defintions with function arguments and return values

this.compression boolean
Default: false

Lucee 4+ Enables Gzip compression on the HTTP response when true

this.passArrayByReference boolean
Default: false

CF 2016+ true: Arrays will be passed by reference instead of by value for this application.

this.searchImplicitScopes boolean
Default: true

CF 2016+ Defines the way non-scoped variables are found.
false: Only the variables, local and arguments scopes are searched.
true: Default and < CF2016 behaviour. All scopes are searched in the following order: local, arguments, thread local, query, thread, variables, cgi, cffile, url, form, cookie, client.

Links more information about Application.cfc

Examples sample code using the Application.cfc function

Simple Application.cfc Example

A very basic script example

component { = "AppName";
    this.datasource = "AppDataSource";
    this.sessionManagement = true;

    function onApplicationStart() {


Adding relative mappings in Application.cfc

This example uses getCurrentTemplatePath and getDirectoryFromPath to dynamically get the directory that the current Application.cfc resieds in and then defines some mappings relative to that. You want to avoid using expandPath in Application.cfc because the path will be relative to the current template path not the Application.cfc path.

component { = "AppName";
    this.appBasePath = getDirectoryFromPath(getCurrentTemplatePath());
    this.mappings["/components"] = this.appBasePath & "components";
    this.mappings["/frameworks"] = this.appBasePath & "frameworks";


Defining WebSocket Channels

The minimum required to create a WebSocket channel is the name attribute. A channel can also specify a custom channel listener CFC, if not specified the ChannelListener.cfc, available in wwwroot/CFIDE/websocket directory is called (Using Channel Listeners).

Note: Though you can use any number of sub-channels, you do not specify them as they are dynamically created (dot notation). To subscribe to channels you create a WebSocket object using the cfwebsocket tag in your CFM template.

component { = "AppName";
    this.wschannels = [{name=channelName, cfclistener=channel_listener_CFC}];

Relative mappings - Advanced Example

This example shows how to map to directories that are a level up from the Application.cfc (web root) as well as how to handle an application that will need to be deployed on multiple operating systems (Mac, Unix, Windows) due to differing developer environments. It uses Find to determine if we need to use forward or back slashes in our paths and ListDeleteAt to drop the current directory from the path. We can then build the path for our mappings and custom tags using this information.

component { = "AppName";
    this.currentPath = getDirectoryFromPath( getCurrentTemplatePath() );
    this.delim = find("/", this.currentPath) ? "/" : "\";
    this.basePath = listDeleteAt(this.currentPath, listLen(this.currentPath, this.delim), this.delim);
    this.mappings["/components"] = this.basePath & this.delim & "components";
    this.mappings["/frameworks"] = this.basePath & this.delim & "frameworks";
    this.customtagpaths = this.basePath & this.delim & "customtags";


Full Application/Request Lifecycle Methods

This shows all of the built-in Application.cfc methods.

component { 
        Application variables 
    */ = "YourAppName" & hash(getCurrentTemplatePath()); 
    this.applicationTimeout = createTimeSpan(1,0,0,0); 
    this.sessionTimeout = createTimeSpan(1,0,0,0); 
    this.sessionManagement = true; 
    this.setClientCookies = false; 
        First function run when ColdFusion receives the first request for a page in the application. 
    public boolean function onApplicationStart() { 
        return true; 
        Last function run when Application times out or server is shut down. 
    public void function onApplicationEnd(struct applicationScope={}) { 
        Run when first setting up a session. 
    public void function onSessionStart() { 
        Run when a session ends. 
    public void function onSessionEnd(required struct sessionScope, struct applicationScope={}) { 
        First page-processing function run when a page request starts. 
        Return False to prevent ColdFusion from processing the request. 
    public boolean function onRequestStart(required string targetPage) { 
        return true; 
        Runs when a request starts, after the onRequestStart event handler. 
        This method is optional. If you implement this method, it must explicitly call the requested page to process it. 
    public void function onRequest(required string targetPage) { 
        include arguments.targetPage; 
        Intercepts any HTTP or AMF calls to an application based on CFC request. 
        Whereas onRequest handles only requests made to ColdFusion templates, this function controls Ajax, Web Service, and Flash Remoting requests. 
    public void function onCFCRequest(string cfcname, string method, struct args) { 
        Runs at the end of a request, after all other CFML code. 
    public void function onRequestEnd() { 
        Runs when you execute the CFML tag cfabort or cfscript "abort". 
        If showError attribute is specified in cfabort, onError method is executed instead of onAbort. 
        When using cfabort, cflocation, or cfcontent tags, the onAbort method is invoked instead on onRequestEnd. 
    public void function onAbort(required string targetPage) { 
        Runs when an uncaught exception occurs in the application. 
        This method overrides any error handlers that you set in the ColdFusion Administrator or in cferror tags. It does not override try/catch blocks. 
    public void function onError(required any exception, required string eventName) { 
        Runs when a request specifies a non-existent CFML page. 
        True, or no return value, specifies that the event has been processed. If the function returns false, ColdFusion invokes the standard error handler. 
    public boolean function onMissingTemplate(required string targetPage) { 
        return true; 

Fork me on GitHub