Downloads

Download the ColdFusion Scopes Quick Reference (PDF)

by Aaron Longnion
2 min read
Contents show

ColdFusion scopes Quick reference

Adobe ColdFusion (ACF) and Lucee CFML highlights, thread-safety tips, and safe scoping patterns.

Scope Summary

Scope Lifetime Visibility Thread-Safe? Typical Usage Notes
local Function call Within function Yes Temporary vars Use local.x or var x (tags)
arguments Function call Within function Yes Function params Access as arguments.foo
variables CFC/Template Per CFC instance or page Per-instance Private CFC state In CFCs, use for private fields
this CFC lifetime Public members Per-instance Public API Do not store request/user data here
request Single request All code in request Yes Share per-request data Avoid leaking to broader scopes
session User session Per user No (lock) User prefs/login Use named locks for writes
application App lifecycle All users No (lock) App-wide config Initialize once with locking
server Engine uptime Whole CF engine No (lock) Global caches/flags Use sparingly
form Request Current request n/a Form input Validate & sanitize
url Request Current request n/a Query string Validate & sanitize
cookie Client Per client n/a User tokens HttpOnly/Secure/SameSite
cgi Request Current request n/a Headers/env Do not trust blindly
client Configured Per client n/a Optional persistence Consider DB-backed session instead

Best practices

  • Always qualify variables: local, arguments, variables, etc.
  • Lock application and session writes with named locks.
  • Whitelist and validate form/url before use.
  • Use this for public API, variables for private state in CFCs.
  • Prefer request for per-request cache/state.

Examples

// CFScript function scoping
function calcTotal(required numeric price, numeric tax=0) {
  var total = price + (tax ?: 0);
  return total;
}

// Locking session writes
lock name="session.user" type="exclusive" timeout=5 {
  session.user = { id = 123, name = "Ada" };
}

// Safe input
if (!isValid("integer", url.id)) { throw(type="BadInput", message="Invalid id"); }
See also  Download API Gateway Integration Examples for ColdFusion

About the author

Aaron Longnion

Aaron Longnion

Hey there! I'm Aaron Longnion — an Internet technologist, web software engineer, and ColdFusion expert with more than 24 years of experience. Over the years, I've had the privilege of working with some of the most exciting and fast-growing companies out there, including lynda.com, HomeAway, landsofamerica.com (CoStar Group), and Adobe.com.

I'm a full-stack developer at heart, but what really drives me is designing and building internet architectures that are highly scalable, cost-effective, and fault-tolerant — solutions built to handle rapid growth and stay ahead of the curve.

View all posts

You may also like