Mastering The ColdFusion Application Framework

0 of 0

  1. Ben Nadel

    • Chief Software Engineer, Epicenter Consulting
    • Author of The Blog of Ben Nadel (www.bennadel.com)
    • Adobe Community Profession
    • Adobe Certified ColdFusion Developer
    • Co-Manager New York ColdFusion User Group
    • ColdFusion, XHTML, CSS, jQuery Developer

  2. Aren't These The ColdFusion Frameworks?

    • ColdBox
    • Model-Glue
    • Mach-ii
    • Framework One (FW/1)
    • FuseBox
    • etc.

  3. Application.cfc Is The ColdFusion Application Framework

    • Ships with ColdFusion 7+
    • Most frameworks build on top of Application.cfc features
    • Event-driven
    • Front Controller for all incoming ?HTTP? requests

  4. Why Bother Mastering Application.cfc?

    • It's wicked sexy!
    • It's very powerful
    • It's very granular
    • Allows us to get very creative with our problem solving
    • Helps us to understand why errors happen

  5. What Is A ColdFusion "Application"?

    • Your code is not the running Application
    • The running Application is a memory space
    • Code association is not implicit
    • Relationship must be re-established on every page request

  6. Binding A Request To A ColdFusion Application


  7. The Mechanics Of Request-Application Binding


  8. Each Request Re-Configures Your Application


    • Application.cfc is your application configuration
    • ColdFusion uses most recent Application.cfc instance

  9. Application Events

    • Request-Specific Events: Current Application.cfc
      • onApplicationStart()
      • onSessionStart()
      • onRequestStart()
      • onRequest() / onCFCRequest()
      • onRequestEnd()
      • onError()
      • onMissingTemplate()
    • Application-Specific Events: Cached Application.cfc
      • onSessionEnd()
      • onApplicationEnd()

  10. Sessions Make This Party More Exciting

    • Sessions are also memory spaces
    • Application-specific
    • Code association is not implicit
    • Relationship must be re-established on every page request

  11. The Mechanics Of Request-Session Binding


    NOTE: J2EE Sessions use different cookies.

  12. Each Request Re-Configures Your Session


    • Application.cfc is your session configuration
    • ColdFusion uses most recent Application.cfc instance

  13. Application Properties

    • Application-Specific Properties
      • Uses cached Application.cfc
      • this.applicationTimeout
    • Session-Specific Properties (ie. User)
      • Uses cached Application.cfc
      • this.sessionTimeout
    • Request-Specific Properties
      • Uses current Application.cfc
      • this.sessionManagement
      • CFSetting

    NOTE: Application.cfc-caching is "intent", not implementation

  14. ColdFusion Framework Behavioral Implications

    • Very dynamic
    • Granular, per-request control over all aspects

  15. Practical Applications Of The ColdFusion Framework


  16. Get Current Application / Session Settings

    • Get settings used for this page request
    • Assumes no random settings
    • Idea by Terry Ryan, Platform Evangelist for Adobe

    View Demo 1

  17. Managing API Requests

    • API component caching
    • Error handling
    • Data transformations
    • Easier in CF9: onCFCRequest() event handler
    • Crucial Take Away: they're all just page requests!

    View Demo 2

  18. Maintaining Sessions With Flash / Active-X

    • When cookies are not inherently passed
    • XStandard WYSIWYG editor (Active-X)
    • CFFileUpload (Flash)

    View Demo 3

  19. Maintaining Session Without Cookies

    • You can't control 3rd party systems
    • You can depend on unique user values
    • Manufacture session tokens

    View Demo 4

  20. Creating "Session Cookies" For User Security

    • By default, CFID / CFTOKEN don't expire
    • "Session tokens" expire when browser is closed

    View Demo 5

  21. Encrypting Session Cookies For User Security

    • Store encrypted cookies on client
    • Decrypt cookies on each page request
    • Security audits don't like CFID / CFTOKEN

    View Demo 6

  22. Single-Threading Session Initialization

    • onSessionStart() only fires once!
    • "User" is undefined in "Session"
    • Is this a bug????

    View Demo 7

  23. Better Memory Management For Spiders / Bots

    • Can assume that Session always exists
    • Black-List Approach
      • Only catches the most comon spiders
    • White-List Approach
      • Defines non-bots as clients that support cookies
      • Might force developer to store stuff in cookies

    View Demo 8

  24. Delaying Session Management Until User Logs In

    • Can be tricky (small initial session)
    • Can be very tricky (no initial session)

    View Demo 9

  25. End An Application

    • Can try messing with application TimeOut
    • ColdFusion 9: applicationStop()

  26. End A Session

    • Shorten the session timeout
    • Undocumented: session.setMaxInactiveInterval( 1 )

    View Demo 10

  27. Safer Garbage Collection

    • A page can run longer than session timeout
    • Be careful what you clear in your onSessionEnd() event handler
    • NOTE: For debugging, not for use-case

  28. Pre-Request Decryption

    • Decrypt request parameters before they are used

    View Demo 11

  29. There's So Much More

    • We only scratched the surface!
    • PLUS - All The ColdFusion 9 Stuff
      • this.datasource
      • ORM
      • onCFCRequest()

  30. Thank You For Listening

    • Ben Nadel
    • Blog: http://www.bennadel.com
    • Email: ben@bennadel.com
    • Ask Ben: http://www.bennadel.com/ask-ben
    • Consulting: http://www.epicenterconsulting.com