Application.cfc / <cfapplication>

The name of your application. This name can be up to 64 characters long.

Required for application and session variables, optional for client variables.

By using a different name, i.e. based off cgi.http_host, you can run multiple, separate instances of an application using the same directory / code base.

alias for default datasource

the default datasource for this environment

A structure that contains datasources definitions.

A structure that contains log definitions.

_{Alias: log}

Array of structs that defines the mailserver configuration. Each struct configures one mailserver.

• host (string): host name of smtp server
• port (numeric): port number of smtp server
• username (string): smtp username
• password (string): smtp userpassword
• ssl (boolean): enable secure connections via SSL
• tls (boolean): enables Transport Layer Security.
• lifeTimespan (timespan): overall timeout for the connections established to the mail server.
• idleTimespan (timespan): idle timeout for the connections established to the mail server

// e.g. of configuration in Application.cfc
this.mailservers =[ {
	  host: 'smtp.some-email-domain.com'
	, port: 587
	, username: 'mymailaccount@some-email-domain.com'
	, password:  'encrypted:8f7eb9...342'
	, ssl: false
	, tls: true
	, lifeTimespan: createTimeSpan(0,0,1,0)
	, idleTimespan: createTimeSpan(0,0,0,10)
}];

_{Alias: mail}

A structure that contains cache definitions.

_{Alias: cache}

The action to perform on the CFML application.

• create: creates a new CFML application context and overwrites any existing application
• update: updates the existing CFML application context if one exists, otherwise creates a new one

The default value is: create.

create

storage for the login data:

• cookie: store login information in the Cookie scope
• session: store login information in the Session scope

Yes or No. Enables client variables. Default is No.

Specifies how Lucee stores client variables:

• memory: the session is only kept in memory
• cookie: the session is stored in the client cookie
• file (default): the session is stored in a local file
• "datasource-name"|"cache-name": when you select a name of an available datasource or cache, the client scope will be stored in there

Lucee provide 2 kind of sessions:

• cfml: session handled by Lucee
• j2ee: session handled by the Servlet Engine used

Default value is defined in the Lucee Web Administrator. "j2ee" can not use a session storage.

Specifies how Lucee stores session variables:

• memory (default): the session is only kept in memory
• cookie: the session is stored in the client cookie
• file: the session is stored in a local file
• "datasource-name"|"cache-name": when you select a name of an available datasource or cache, the session scope will be stored in there

If set to true, lucee uses the storage backend for the client scope as master and Lucee checks for changes in the storage backend with every request.

If set to false (default), the storage is only used as slave, lucee only initially gets the data from the storage. Ignored for storage type "memory".

if set to true, lucee uses the storage backend for the session scope as master and Lucee checks for changes in the storage backend with every request.

If set to false (default), the storage is only used as slave, lucee only initially gets the data from the storage. Ignored for storage type "memory".

Yes or No. Yes enables client cookies. Default is Yes.

If you set this attribute to"No", Lucee does not automatically send the CFID and CFTOKEN cookies to the client browser; you must manually code CFID and CFTOKEN on the URL for every page that uses Session or Client variables.

if set to true, the CGI Scope is readonly.

true

if set to true (default) the output written to the body of the tag is buffered and in case of an exception also outputted.

if set to false the content to body is ignored and not disabled when a failure in the body of the tag occur.

Yes or No. Yes enables session variables. Default is No.

Enter the CreateTimeSpan function and values in days, hours, minutes, and seconds, separated by commas, to specify the lifespan of session variables.

The default value is specified in the Variables page of the Lucee Administrator.

Enter the CreateTimeSpan function and values in days, hours, minutes, and seconds, separated by commas, to specify the lifespan of client variables.

The default value is specified in the Variables page of the Lucee Administrator.

Sets the lifespan of variables that live in the application scope. Accepts a TimeSpan created using the createTimeSpan() function.

The default value is defined on the Variables page of the Lucee Administrator.

Sets the amount of time Lucee will wait for a request to finish before a request timeout will be raised. This means that the execution of the request will be stopped.

_{Alias: timeout}

Yes or No.

Sets the CFID and CFTOKEN cookies for a domain, not just a single host.

Applications that are running on clusters must set this value to Yes.

The default is No.

Specifies whether to protect variables from cross-site scripting attacks.

You may specify the string value also as a comma separated list to fine tune protection.

• none: disables cross-site scripting protection
• all (default): applies cross-site scripting protection to cgi, url, form and cookie scope variables
• cgi: applies protection to cgi scope variables only
• url: applies protection to url scope variables only
• form: applies protection to form scope variables only
• cookie: applies protection to cookie scope variables only

Array or String list of paths where you have your functions.

general proxy that should be used for all connections with the following format:

{server:"localhost", port:12345, username:"susi", password: "sorglos"}

A structure that contains mappings. Each element in the structure consists of a key and a value.

The logical path is the key and the absolute path is the value.

Define a mapping

Contains custom tag paths.

Contains component paths.

A Boolean value that specifies whether to add a security prefix in front of the value that a function returns in JSON-format in response to a remote call.

webservice type used, only the following is supported

• Axis1 (default): The Apache Axis 1 implementation is used

If disabled, Lucee ignores type definitions with function arguments and return values

true

Enable compression (GZip) for the Lucee Response stream for text-based responses when supported by the client (Web Browser).

Suppress content written to response stream when a Component is invoked remotely. Only works if the content was not flushed before.

The security prefix to put in front of the value that a function returns in JSON-format in response to a remote call if the secureJSON setting is true.

Defines how the local scope of a function is invoked when a variable with no scope definition is used (default value set in the lucee administrator).

• modern: (alias true) new unscoped variables will be set to the Local Scope
• classic (CFML standard): (alias false) new unscoped variables will be set to the Variables Scope

_{Alias: serializationsetting}

tags/attributes default value in the following structure:

{location:{addtoken=false}}

Specifies whether ORM should be enabled for the current application context.

The default is false.

A struct that defines all the ORM settings, the following keys are supported:

• autogenmap(default:true; autogenmap=false is not supported yet): Specifies whether Lucee should automatically generate mapping for the persistent CFCs. If autogenmap=false, mapping should be provided in the form of "{cfc-name}.cfc.hbm.xml" files.
• automanageSession(default:true; not supported yet): Lets you specify if Lucee must manage Hibernate session automatically. If enabled: Lucee manages the session completely. That is, it decides when to flush the session, when to clear the session, and when to close the session. If disabled: The application is responsible for managing flushing, clearing, or closing of the session. The only exception is (in the case of transaction), when the transaction commits, the application flushes the session. Lucee closes the ORM session at the end of request irrespective of this flag being enabled or disabled.
• cacheconfig: Specifies the location of the configuration file that should be used by the secondary cache provider.This setting is used only when secondarycacheenabled=true.
• cacheprovider: Specifies the cache provider that should be used by ORM as secondary cache.
• catalog: Specifies the default Catalog that should be used by ORM.
• cfclocation: Specifies the directory (or array of directories) that should be used by Lucee to search for persistent CFCs to generate the mapping. If cfclocation is set, Lucee looks at only the paths specified in it. If it is not set, Lucee looks at the application directory, its sub-directories, and its mapped directories to search for persistent CFCs.
• datasource: Specifies the data source that should be used by ORM. If it is not specified here, then the data source specified for the application is picked up.

• dbcreate(default:none): Hibernate can automatically create the tables for your application in the database. dbCreate takes the following values:

  • update: Setting this value creates the table if it does not exist or update the table if it exists.
  • dropcreate: Setting this value drops the table if it exists and then creates it.
  • none: Setting this value does not change anything in the database schema.
• dialect: Specifies the dialect.Lucee supports the following dialects: [Cache 2007.1, Cache71, Cache 2007.1, DB2, DB2/390, DB2/400, DB2390, DB2400, DB2AS400, DB2OS390, DataDirectOracle9, Derby, Firebird, FrontBase, H2, H2DB, HSQL, HSQLDB, Informix, Ingres, Interbase, JDataStore, MSSQL, Mckoi, MckoiSQL, MicrosoftSQLServer, Mimer, MimerSQL, MySQL, MySQL/InnoDB, MySQL/MyISAM, MySQL5, MySQL5/InnoDB, MySQL5InnoDB, MySQLInnoDB, MySQLMyISAM, MySQLwithInnoDB, MySQLwithMyISAM, Oracle, Oracle10g, Oracle8i, Oracle9, Oracle9i, Pointbase, PostgreSQL, PostgresPlus, Progress, SAPDB, SQLServer, Sybase, Sybase11, SybaseASE15, SybaseAnywhere, com.ddtek.jdbc.db2.DB2Driver, com.microsoft.jdbc.sqlserver.SQLServerDriver, oracle.jdbc.driver.OracleDriver, org.firebirdsql.jdbc.FBDriver, org.gjt.mm.mysql.Driver, org.h2.Driver, org.hsqldb.jdbcDriver, org.postgresql.Driver]
• eventHandling(default:false): Specifies whether ORM Event callbacks should be given.
• flushatrequestend(default:true): Specifies whether ormflush should be called automatically at request end. If flushatrequestend is false, ormflush is not called automatically at request end.
• logSQL(default:false): Specifies whether the SQL queries that are executed by ORM will be logged. If LogSQL=true, the SQL queries are logged to the console.
• ormconfig: The Hibernate configuration file. This file contains various configuration parameters like, dialect, cache settings, and mapping files that are required for the application. For more details, see http://www.hibernate.org/hib_docs/reference/en/html/session-configuration.html. The settings defined in the ormsettings override the settings defined in the Hibernate Configuration XML file.The connection information in the Hibernate Configuration XML file is however ignored because Lucee uses its own connection pool. You will need to use this only when you need to use a hibernate setting that is not available using ormsetting.
• savemapping(default:false): Specifies whether the generated Hibernate mapping file has to be saved to disc. If you set the value to true, the Hibernate mapping XML file is saved with the filename "CFC name".hbm.xml in the same directory as the CFC. If any value of savemapping is specified in CFC, it will override the value specified in the ormsetting.
• schema: Specifies the default Schema that should be used by ORM.
• secondarycacheenabled(default:false): Specifies whether secondary caching should be enabled
• skipCFCWithError(default:false;not implemented yet): Lets you specify if Lucee must skip the CFCs that have errors. If set to true, Lucee ignores the CFCs that have errors.
• sqlscript: Path to the SQL script file that gets executed after ORM is initialized. This applies if dbcreate is set to dropcreate. This must be the absolute file path or the path relative to the application.The SQL script file lets you populate the tables before the application is accessed.
• useDBForMapping(default:true): Specifies whether the database has to be inspected to identify the missing information required to generate the Hibernate mapping. The database is inspected to get the column data type, primary key and foreign key information.

A struct that defines default S3 settings, this settings can be overwritten as part of the S3 file path, the following keys are supported:

• accessKeyId: S3 access key id
• awsSecretKey: AWS (Amazon Web Service) Secret Key
• defaultLocation(default:us): region for the bucket, possible values are [eu,us,us-west]
• host(default:"s3.amazonaws.com"): hostname of the service

A struct that defines default ftp settings, this settings can be overwritten as part of the ftp file path, the following keys are supported:

• username: username to access the ftp server
• password: password to access the ftp server
• port: port of the FTP server
• host: hostname of the FTP server (lucee.org)

If there is no accessible data member (property, element of the this scope) inside a component, Lucee searches for available matching "getters" or "setters" for the requested property.

The following example should clarify this behaviour.

"somevar = myComponent.propertyName".

If "myComponent" has no accessible data member named "propertyName",

Lucee searches for a function member (method) named "getPropertyName".

An alias for triggerDataMember

name of the cache used for object caching in this context

name of the cache used for function caching in this context

name of the cache used for query caching in this context

name of the cache used for template caching in this context

name of the cache used to store data from ram resource in this context

name of the cache used to store data from an include

name of the cache used to store data from a http tag

name of the cache used to store data from file operations

name of the cache used to store data from webservice calls

closure/udf executed when the requested template does not exist

Sets the country/language locale for CFML processing.

The locale value determines the default format of date, time, number, and currency values, according to language and regional conventions.

change the timezone definition for the current application context.

character set used for output streams, form-, url-, and cgi scope variables and reading/writing the header

character set used for reading from/writing to various resources

Depending on this setting Lucee scans certain scopes to find a variable called from the CFML source. This will only happen, when the variable is called without a scope. (Example: #myVar# instead of #variables.myVar#), the following values are supported:

• strict: scans only the variables scope
• small: scans the scopes variables,url,form
• standard: scans the scopes variables,cgi,url,form,cookie

alias to the attribute "scopecascading", takes a boolean value where true is equal to "standard" and false is equal to "struct" scope cascading mode.

For details see the description for the attribute "scopecascading".

When a variable has no scope defined (Example: #myVar# instead of #variables.myVar#), Lucee will also search available resultsets if this is set to true.

_{Alias: searchqueries, searchquery, searchresult}

cfauthorization cookie behaviour

A struct which defines session cookie behaviour; the following keys are supported:

• httpOnly (boolean): Specifies if the session cookies (CFID/CFTOKEN) should have the HTTPOnly cookie flag set. This prevents the cookie value from being read from JavaScript.
• secure (boolean): Specifies if the session cookies (CFID/CFTOKEN) should have the secure cookie flag set. When true the cookies are only sent over a secure transport (eg HTTPS).
• domain (string): Specifies the cookie domain used in the session cookies (CFID/CFTOKEN).
• timeout (string): Specifies the expires value of the session cookies (CFID/CFTOKEN), in days. Set to -1 for browser session cookies.
• sameSite (string): Specifies if the cookies should be restricted to a first-party or same-site context. Possible values for sameSite are lax | strict | none

enable or disable full null support

preserve single quote in injected variables into cfquery.

how to handle variable usage within cfquery,

possible values are

• ignore
• warn
• error

set the timespan for the attribute "cachedAfter" from tag "query".

A comma separated list of file extensions that will be blocked for File Upload operation

A struct that enables loading of application-specific Java libraries from a custom path. The following keys are supported:

• LoadPaths: An array of paths to jar files, or directories containing jar files. This key is required.
• loadCFMLClassPath (default:false): Indicates whether underlying Lucee classes should be loaded.
• reloadOnChange (default:false): Indicates if loaded Java libraries should be watched and reloaded if they change, without needing to restart the server.
• watchInterval (default:60): The interval, in seconds, for checking the loaded Java libraries for changes. Only applicable if reloadOnChange is true.
• watchExtensions (default:"class,jar"): A list of the file extensions to monitor for changes.

Allows to set XML Features to prevent XXE attacks

• disallowDoctypeDecl (true / false)
• externalGeneralEntities (true/false)
• secure (true/false)

A struct containing the configuration for regular expressions

ATM only the key "engine" is supported

Engines:

• perl: Use perl as regex engine
• java: Use java as regex engine

i.e. {engine: "perl"}