Category Archives: Uncategorized

Using the ColdFusion Administrator – Basics

ColdFusion Administrator

Initial administration tasks

Immediately after you install ColdFusion, you might have to perform some or all the administrative tasks described in the following table:

Task Description
Establish database connections ColdFusion applications require data source connections to query and write to databases. To create, verify, edit, and delete database connections, use the Data Sources page. For more information, see Data Source Management for ColdFusion.
Specify directory mappings Directory mappings redirect relative file paths to physical directories on your server. To specify server-wide directory aliases, use the Mappings page. For more information, see Mappings page.
Configure debugging settings Debugging information provides important data about CFML page processing. To choose the debugging information to display, and to designate an IP address to receive debugging information, use the Debugging & Logging section.For more information, see Debugging Output Settings page.
Set up e-mail E-mail lets ColdFusion applications send automated e-mail messages. To configure an e-mail server and mail options, use the Mail Server page.For more information, see Mail page.
Change passwords You might have to change the passwords that you set for the ColdFusion Administrator and Remote Development Service (RDS) during ColdFusion installation. To change passwords, use the Security section.For more information, see Administrator page and RDS page
Define user-specific access to the ColdFusion Administrator To grant user-specific access to the ColdFusion Administrator, you create users and specify a user name, password, applicable sandboxes, and the sections of the ColdFusion Administrator that each user can access. For more information, see Security section
Configure Java settings (Server configuration only) You might have to customize Java settings, such as classpath information, to meet the needs of your applications. To change Java settings, use the Java and JVM page.For more information, see Extensions section.
Restrict tag access Some CFML tags might present a potential security risk for your server. To disable certain tags, use the Sandbox Security page.For more information, see Administering ColdFusion Security.

Accessing user assistance

You can use the buttons on the upper left of the ColdFusion Administrator to access online Help, information about additional resources, and system information.

Online Help Click the question-mark icon on any ColdFusion Administrator page to access the context-sensitive online Help. The online Help has procedural and brief overview content for the ColdFusion Administrator page that you are viewing. This information appears in a new browser window and contains standard Contents, Index, and Search tabs.

System Information Click System Information to see information about the ColdFusion server, including version number, serial number, and JVM details.

Resources Click Resources to display the Resources page, which provides links to the following:

  • Getting Started experience
  • Example applications
  • Product Information
  • Technical Support and Training
  • Additional Installers
  • Product Updates
  • Community Resources
  • Security-related Information

Server Settings section

The Server Settings section lets you manage client and memory variables, mappings, charting, and archiving. It also allows you to configure e-mail and Java settings.

Settings page

The Settings page of the ColdFusion Administrator contains configuration options that you can set or enable to manage ColdFusion. These options can significantly affect server performance. The following table describes the options:

Option Description
Timeout Requests After (Seconds) Prevents unusually lengthy requests from using up server resources. Enter a limit to the time that ColdFusion waits before terminating a request. Requests that take longer than the time-out period are terminated.
Enable Per App Settings Lets developers programmatically define ColdFusion settings such as mappings and debugging per application.
Use UUID For cftoken Specify whether to use a universally unique identifier (UUID), rather than a random number, for a cftoken.
Enable HTTP Status Codes Configures ColdFusion to set a status code of 500 Internal Server Error for an unhandled error. Disable this option to configure ColdFusion to set a status code of 200 OK for everything, including unhandled errors.
Enable Whitespace Management Compresses repeating sequences of spaces, tabs, and carriage returns and linefeeds. Compressing whitespace can significantly compact the output of a ColdFusion page. This option is enabled, by default.
Disable Access To Internal ColdFusion Java Components Prevents CFML code from accessing and creating Java objects that are part of the internal ColdFusion implementation. This prevents a non-authenticated CFML template from reading or modifying administration and configuration information for this server.
Disable CFC Type Check Turns off verifying the CFC type when calling methods with CFCs as arguments. This option also disables verifying an object that implements the right interface. Enabling this option can improve the performance of your application. However enable it only on a production server.
Disable Access To Internal ColdFusion Java Components Prevents CFML code from accessing and creating Java objects that are part of the internal ColdFusion implementation. This prevents a non-authenticated CFML template from reading or modifying administration and configuration information for this server.
Preserve Case for Struct Key for Serialization Maintains and preserves the case in which keys of a struct have been defined. If not checked, keys will be converted to uppercase.Cases for struct keys were not preserved in the past versions of ColdFusion. The struct keys get converted to upper case automatically.For instance, consider the following code:<cfscript>
data = {};
data.empName = “”;
data.age=26 ;
data.SomeValue = “”;
serializedStr = serializejson(data);
In ColdFusion 10 and earlier versions, the output generated by the above code will be:{‘EMPNAME’=”, ‘AGE’=”}

For ColdFusion 11 and following, the output generated will be:

{‘empName’=”, ‘age’=”}

To enable case preservation of struct keys, change the setting in the ColdFusion Administrator, as discussed above.

Note: This setting is used during compilation of the CFML page and therefore if this flag is changed (in the administrator or programmatically), any pages relying on the change must be recompiled. This is done typically by simply editing the file (make any change at all) and re-executing it. If “trusted cache” is enabled in the ColdFusion Administrator, you must clear the template cache (of at least those affected files), which can also be done from within the ColdFusion Administrator Caching page.

To enable case preservation of struct keys at the application level, modify the application.cfc file by setting:

this.serialization.preservecaseforstructkey = true

Prefix serialized JSON with Protects web services, which return JSON data from cross-site scripting attacks by prefixing serialized JSON strings with a custom prefix.
Enable In-Memory File System Enables the in-memory virtual file system support. By default, this is enabled.
Memory Limit for In-Memory Virtual File System Lets you specify the memory limit in Megabytes (MB) for in-memory virtual file system.
Watch Configuration Files For Changes (Check Every nSeconds) Sets ColdFusion to monitor its configuration files and automatically reload them if they change. This action is required if you deploy ColdFusion in a WebSphere ND vertical cluster, because multiple instances of ColdFusion share the same configuration files. It is recommended that you do not enable this feature for most installations.
Enable Global Script Protection Protects Form, URL, CGI, and Cookie scope variables from cross-site scripting attacks. Select this option if your application does not contain this type of protection logic.Enabling the global site protection replaces all the null bytes (%00) with an %20. This is to prevent Null Byte injection Attacks as part of the Protection.To disable this protection just for cookie scope the following workaround can be used.

  • Enable Script Protection from CF Administrator
  • Navigate to CF_HOME\cfusion\lib directory and open neo-security.xml and search for string FORM,URL,COOKIE,CGI & change the string to FORM,URL,CGI
  • Restart the server
Allow Extra Attributes in AttributeCollection Specify whether ColdFusion tags can pass non-standard attributes in the attributecollection structure.
Clear temporary files created during CFaaS after Specify the time in minutes after which the temporary files created during CF as a Service(CFaaS) operation must be deleted. The default value is 30 minutes.
ORM Search Index Directory Specify the index directory (the one in which all persistent entities, of an application’s indexable data, are saved) either at the server-level or application-level.
Default ScriptSrc Directory Specify the default path (relative to the web root) to the directory that contains the cfform.js file. Developers reference this file in the ScriptSrc attribute of the cfform tag. In a hosted environment, you might need to move the cfform.js file to a directory other than CFIDE.
Google Map API Key Specify the Google Map API license key that you require to access Google Maps.
Component with onServerStart() method Specify the absolute path to a CFC having onServerStart() method or specify a dot delimited CFC path under web root, like “a.b.server”. By default, ColdFusion looks for server.cfc under web root.
Allowed file extensions for<cfinclude> tag (New in ColdFusion 11) Specify the list of allowed file extensions (as a comma separated list) while using the tag. Specifying a wildcard (‘*’) in the list makes any file included using the tag to be compiled. If any other file included using the tag is not found in this list, their content will be statically included. By default files with the extensions cfm and cfml always gets compiled irrespective of this setting. This value can be overridden at the application-level using the key compileExtForInclude in theApplication.cfc/Application.cfm file.
Application.cfc/Application.cfmlookup order Select the order in which ColdFusion searches for Application.cfm or Application.cfc if it is not found in the current project folder. You can set ColdFusion to search as follows:

  • default search order: ColdFusion looks for an Application.cfc/Application.cfm file from the current folder until the system root directory. On Windows, this could be C:\ and on UNIX, /opt.
  • till web root: ColdFusion looks for an Application.cfc/Application.cfm file from the current folder till web root.
  • in web root: ColdFusion looks for an Application.cfc/Application.cfm file in the current folder or web root.
Missing Template Handler Specify a page to execute when ColdFusion cannot find a requested page. This specification is relative to the web root.Note: If the user is running Microsoft Internet Explorer with “Show Friendly HTTP error messages” enabled, Internet Explorer displays this page only if it contains more than 512 bytes.
Site-Wide Error Handler Specify a page to execute when ColdFusion encounters an error while processing a request. This specification is relative to the web root. When you define a site-wide error handler or missing template handler, ColdFusion does not log page-not-found errors and exceptions.Note: If the user is running Internet Explorer with Show Friendly HTTP Error Messages enabled, Internet Explorer only displays this page if it contains more than 512 bytes.
Maximum Size Of Post Data Limits the amount of data that can be posted to the server in a single request. ColdFusion rejects single requests larger than the specified limit.
Request Throttle Threshold Requests smaller than the specified limit are not queued or counted as part of the total memory. Requests larger than the specified limit are counted as part of total memory and are queued if the request throttle-memory size is exceeded.
Request Throttle Memory Limits total memory size for the throttle. If sufficient total memory is not available, ColdFusion queues requests until enough memory is free.
Disable Creation of unnamed application Disallows creation of unnamed applications.
Allow REST Discovery Specify whether to allow Adobe API Manager to discover REST services published in ColdFusion.

Request Tuning page

Simultaneous request tuning overview

You can specify the number of simultaneous requests that can be processed for each of the following types of requests:

  • CFM page requests
  • CFC method invocations (via an HTTP GET)
  • Flash Remoting requests
  • Web Service requests
  • The settings are contained completely within ColdFusion code and work across all J2EE application servers. You do not have to restart the ColdFusion server for changes to the configuration to take effect. JSP processing is not affected by these changes.
  • Note: The Flash Remoting request control setting applies to remoting that uses ActionScript 2.0 and ActionScript 3.0, with each type treated independently. For example, a setting of 5 means that up to 5 ActionScript 2.0 Flash Remoting and 5 ActionScript 3.0. Flash Remoting requests are allowed simultaneously.

Capabilities by edition

  • Standard Edition: Only the Async CFML, DirectoryWatcher, Socket, and user written event gateways are enabled. The maximum number of threads in the pool for the cfthread tag is limited to 10. Only the CFM page request limit is adjustable.
  • Enterprise Edition: All event gateways are supported. The number of threads in the pool for the cfthread tag is unlimited. You can adjust the limits for each request type (CFM page, CFC, Flash Remoting, and Web Service) independently.

Client Variables page

You enable client variable default settings in ColdFusion on the Client Variables page of the Administrator. ColdFusion lets you store client variables in the following ways:

  • In database tables
  • Note: If your data source uses one of the JDBC drivers bundled with ColdFusion 10, ColdFusion can automatically create the necessary tables. If your data source uses the ODBC Socket or a third-party JDBC driver, you manually create the necessary CDATA and CGLOBAL database tables.
  • As cookies in the web browsers
  • In the operating system registry
  • Note: Adobe recommends that you do not store client variables in the registry because it can critically degrade performance of the server. If you use the registry to store client variables, you allocate sufficient memory and disk space.
  • To override settings specified in the Client Variables page, use the Application.cfc file or the cfapplication tag. For more information, see the Developing ColdFusion Applications.

Store client variables in a data source

  1. On the Client Variables page, in the Select Data Source to Add as Client Store table, select a data source from the drop-down.
  1. Click Add. The Add/Edit Client Store page for the data source appears.
  1. Select options for the data source, as described in the following table. (To exit from the page without saving changes, click the left-arrow icon.)
Option Description
Description A description of the client data store and its settings. Not displayed for Registry.
Create Client database tables If ColdFusion can determine that the database you use supports SQL creation of database tables, this option appears, and you do not need to create the client variable tables before they are used. In this case, the Create Client Database Tables option appears on the Add/Edit Client Store page; if you select this option, ColdFusion creates the necessary tables in the database. If the database does not support SQL table creation, if the database already has the required tables, or if you are using the Registry, this option does not appear.
Purge data for clients that remain unvisited for n days Typically, client data is saved for a limited time. To delete (purge) client data that has not been accessed in a specified number of days, select this option and enter a value for the number of days. If a cluster of ColdFusion servers uses this data source, ensure that only one server is configured to purge client data.
Disable global client variable updates By default, ColdFusion updates client variables for every page request. To prevent ColdFusion from updating variables, select this option. If updates are disabled, ColdFusion updates global client variables only when they are first created and when they are updated. This helps improve application performance.
  1. Click Submit Changes. The Client Variables page appears, with your data source in the list.
  1. In the Select Default Storage Mechanism for Client Sessions table, select the data source.
  1. Click Apply.

Store client variables in a cookie or in the system registry

  1. In the Client Variables page, select Cookie or Registry.
  1. Click Apply.

Client variable storage options

Storage type Advantages Disadvantages
Data source
  • Can use existing data source
  • Portable: not tied to the host system or operating system
  • Requires database transaction to read/write variables
  • More complex to implement
Browser cookies
  • Simple implementation
  • Good performance
  • Can be set to expire automatically
  • Client-side control
  • Users can configure browsers to disallow cookies
  • Cookie data is limited to 4-KB
  • Netscape Navigator allows only 20 cookies from one host; ColdFusion uses three cookies to store read-only data, leaving only 17 cookies available
System registry
  • Simple implementation
  • Good performance
  • Registry can be exported easily to other systems
  • Server-side control
  • Possible restriction of the registry’s maximum size limit in Windows in the Control Panel
  • Integrated with the host system: not practical for clustered servers
  • Not available for UNIX
  • Applicable only for Windows

Migrating client variable data

To migrate your client variable data to another data source, determine the structure of the database tables that store this information. Client variables stored externally use two simple database tables, as shown in the following tables:


Column Data type
cfid CHAR(64), TEXT, VARCHAR, or equivalent
app CHAR(64), TEXT, VARCHAR, or equivalent
data MEMO, LONGTEXT, LONG VARCHAR, or equivalent


Column Data type
cfid CHAR(64), TEXT, VARCHAR, or equivalent
data MEMO, LONGTEXT, LONG VARCHAR, or equivalent
lvisit TIMESTAMP, DATETIME, DATE, or equivalent

Creating client variable tables

Use the following sample ColdFusion page as a model for creating client variable database tables in your own database.

However, keep in mind that not all databases support the same column data type names. For the proper data type, see your database documentation.

Scheduled Tasks page

Information that is read more often than written is a good candidate for scheduled tasks. Instead of executing a query to a database every time the page is requested, ColdFusion renders the static page with information that the scheduled event generates. Response time is faster because no database transaction takes place.

You can run scheduled tasks once; on a specified date; or at a specified time, daily, weekly, or monthly; daily; at a specified interval; or between specified dates.

When a scheduled page executes, ColdFusion writes a message to a log file called schedule.log automatically. This file identifies the name of the scheduled action, the page to be executed, and whether the task scheduled executed successfully.You can pause and resume scheduled tasks.

The Scheduled Task page lets you create, edit, pause, resume, and delete scheduled tasks. This page has the following areas:

Area Description
Schedule New Tasks Click to add new scheduled task.
Actions Click the icons to run, pause, edit or remove the schedule task.
Task Name Identifies the names of the existing tasks scheduled to run.
Duration Identifies the duration of the task to run.
Interval Identifies how often this task runs. The values for this column can be Once, Daily, or DailyEvery.
  • Application Level Scheduled Tasks: Provides a list of application-specific tasks that you have scheduled, with task details in tabular format. The table provides details such as actions, application name, group, task name, duration, interval, last run, next run, repeat count, and if cluster is enabled.
  • Note: Application-specific tasks cannot be created using ColdFusion Administrator. But you can pause, resume, or delete the tasks.
  • Server Level Scheduled Tasks: Provides a list of server-specific tasks that you have scheduled, with task details in tabular format. The table provides new details such as group, next run, repeat count, if cluster is enabled, and the remaining task count.

Enable Cluster Setup: Applies if you have at least one data source configured. Specify the following details:

  • Select Data source: All the data sources you have connected to are listed.
  • Create Tables for Cluster Setup: Check to create scheduler-specific tables for cluster.
  • Note: Enable this option only for one node in the cluster. Otherwise, the tables are overridden. If you have created tables from one node, in other nodes you need to only select and choose the data source. All nodes will point to the same data source and therefore will be part of the cluster.
  • After you specify the details, click Submit.
  • To disable cluster, select the option Disable Cluster.

Add/Edit Scheduled Task page

Add/Edit Scheduled Task page lets you add or edit task. Click Submit after you specify the following tasks. When the page loads for the first time, you are provided with only minimum options to create the task. Click Show Additional Settings to list all settings.

Option Description
Task Name Enter a name for the task in the Task Name text box.
Duration Enter the start and end dates for the task. The end date is optional. If you want this task to execute continuously, leave the End Date text box blank.
Frequency Select the schedule for running this task:

  • One-time Schedules the task to run once on the start date and scheduled time specified. Specify the date and time. The task must be set at least 15 minutes in the future in order for the task to execute successfully
  • Recurring Schedules the task to run daily, weekly, or monthly at the specified time.
  • Daily every Schedules the task to repeat during a day. Specify Start Time and End Time to designate when the task begins and ends. Specify Hours, Minutes, Seconds to set an interval after which the task repeats.
URL Enter the URL for the ColdFusion page that you want to execute. You can execute a local page or a page on a remote ColdFusion Server, assuming that you have the proper access rights.
Username (Optional) Specify a user name only if the page you want to execute is in a secure location.
Password (Optional) Specify a password only if the page you want to execute is in a secure location.
Timeout (Optional) Specify a timeout setting. This helps prevent requests from stalling due to an overloaded web server, a network problem, or a page that takes too long to execute.
Proxy Server: Port (Optional) If this request must be routed through a proxy server, enter the URL and Port number of that proxy server.
Publish; File (Optional) To publish an output file of this task, select the Save Output to a File option and then, in the File text box, enter the full path and filename of the output file. Note that the Publish file in scheduled tasks can now only have .txt and .log extensions by default. You can add more extensions in cfusion\lib\neo-cron xml.
Resolve URL (Optional) Select the Resolve URL option to replace any relative URLs used in links returned in the result page to absolute URLs.
Group The group to which the scheduled tasks belong. Ensure that the combination of task name and group are unique.
Crontime Specify task scheduling time in cron job syntax.
Overwrite If not selected, creates new output files every time the task executes.Select to overwrite the existing output file, instead of creating a new one.
Eventhandler A CFC file whose pre-defined methods are invoked for various events while running the task. The path you specify can be relative to webroot for example, schedulerdemo.eventhandler, or use a ColdFusion mapping.
Exclude Comma-separated list of dates or date range for exclusion in the schedule period.
On Misfire Specify what the server has to do if a scheduled task misfires.
On Exception Specify what to do if a task results in error.
On Complete The action to be performed after the completion of current task. Specify the details in the following format:Task1:Group1,Task3:Group3
Priority An integer that indicates the priority of the task.
Retry Count The number of reattempts if the task results in an error.
Cluster Enable to execute tasks in cluster setup.