ColdFusion MX 7 Login Security (Page 2 of 13)

The ColdFusion Application Framework has been in existence for as long as I can remember. And while it is still hanging around in ColdFusion MX 7, it has drastically changed - for the better. ColdFusion Components, or CFCs, are probably the most discussed new feature in CFMX 7, and the new Application Framework is built around this new way to write ColdFusion. Now you program your Application "guts" inside the Application.cfc file instead of the Application.cfm (and OnRequestEnd.cfm) files. You can still use these files for your Application code, but be aware that if ColdFusion finds an Application.cfc it will use it instead of Application.cfm.

In your ColdFusion editor of choice, open up the Application.cfc file you downloaded with this tutorial. If you're familiar with CFCs, you'll be right at home with the code. This CFC is made up of several special methods, each serving a specific purpose. Unlike the Application.cfm file, where the entire template executed on each ColdFusion request, the various methods in the Application.cfc file execute at special times. When an application receives its first request, the Application.cfc file begins its lifecycle by having its constructor code run. This block of code is the area beginning just after the CFCOMPONENT tag and before the first CFFUNCTION tag. Any time an instance of a component is created (and in our case, the start of our application) this code will automatically execute.

<cfcomponent name="Application"
             displayname="Application Component for the Login Security Tutorial">
  <cfset this.name = "loginSecurity">
  <cfset this.applicationTimeout = CreateTimeSpan(0,0,0,45)>
  <cfset this.sessionManagement = "true">
  <cfset this.sessionTimeout = CreateTimeSpan(0,0,0,30)>
  <cfset this.clientManagement = "false">

In the old-school Application.cfm template you would define various options for your application by way of the CFAPPLICATION tag. The CFMX 7 equivalent is this constructor area of the Application.cfc. Here we define our Application name, timeouts, etc., using the built-in "this" scope of all CFCs. The "this" scope is a protected scope that represents the CFC instance itself. In other words, the variables we define as "this" in the CFC are local variables (to the CFC) that any method of the CFC can access. Variables stored in this scope are protected from resources outside of the CFC. In our secure login application we'll be setting relatively short application and session timeouts so you can test the code without having to wait a long time for things to expire. With the Application.cfc constructor out of the way, let's take a look at some of the important methods in any Application.cfc.
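The 45-second and 30-second timeouts above are test values, so a pre-deployment check is useful. The following is an added example, not part of the tutorial's download: a small Python audit that reads the constructor settings, converts each CreateTimeSpan(days, hours, minutes, seconds) to seconds and flags timeouts outside a policy window. The function names, the 300-second floor and the 3600-second session ceiling are assumptions chosen for illustration.

```python
import re

# Constructed sample: the constructor settings from the excerpt above.
SAMPLE_CFC = """<cfcomponent name="Application">
  <cfset this.name = "loginSecurity">
  <cfset this.applicationTimeout = CreateTimeSpan(0,0,0,45)>
  <cfset this.sessionManagement = "true">
  <cfset this.sessionTimeout = CreateTimeSpan(0,0,0,30)>
  <cfset this.clientManagement = "false">
</cfcomponent>"""

SETTING = re.compile(r"<cfset\s+this\.(\w+)\s*=\s*(.+?)\s*>", re.IGNORECASE)
TIMESPAN = re.compile(
    r"CreateTimeSpan\(\s*(\d+)\s*,\s*(\d+)\s*,\s*(\d+)\s*,\s*(\d+)\s*\)", re.IGNORECASE)

def timespan_seconds(expr):
    """Convert CreateTimeSpan(days, hours, minutes, seconds) to seconds, else None."""
    m = TIMESPAN.fullmatch(expr.strip())
    if m is None:
        return None
    days, hours, minutes, seconds = (int(g) for g in m.groups())
    return ((days * 24 + hours) * 60 + minutes) * 60 + seconds

def read_settings(source):
    """Map each this.<name> assignment to seconds (timespans) or its literal text."""
    settings = {}
    for name, value in SETTING.findall(source):
        secs = timespan_seconds(value)
        settings[name.lower()] = secs if secs is not None else value.strip("\"'")
    return settings

def audit_timeouts(source, floor=300, session_ceiling=3600):
    """Flag timeouts outside policy; floor and session_ceiling are assumed values."""
    settings = read_settings(source)
    findings = []
    for key in ("applicationtimeout", "sessiontimeout"):
        secs = settings.get(key)
        if not isinstance(secs, int):
            findings.append((key, None, "no CreateTimeSpan value in the constructor"))
        elif secs < floor:
            findings.append((key, secs, "test-length value"))
        elif key == "sessiontimeout" and secs > session_ceiling:
            findings.append((key, secs, "idle login session outlives policy"))
    return findings

if __name__ == "__main__":
    for finding in audit_timeouts(SAMPLE_CFC):
        print(finding)
```

Run against the tutorial's constructor, both timeouts are reported as test-length values.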