Click here to close now.

Welcome!

You will be redirected in 30 seconds or close now.

ColdFusion Authors: Yakov Fain, Maureen O'Gara, Nancy Y. Nee, Tad Anderson, Daniel Kaar

Related Topics: ColdFusion

ColdFusion: Article

Why It's Wrong to Use Application.dsn in Your Templates

Why It's Wrong to Use Application.dsn in Your Templates

You've probably seen the use of a variable called "application.dsn" (or "application.datasource") in code. Perhaps you've even been taught to use the method in a class.

Maybe you've even been doing it in your own code. I'm talking about setting this variable in the application.cfm file to hold the name of your data source for a given application.

It seems so innocuous, and it seems to provide ways to make your code easier to maintain (change the dsn variable once in the application.cfm, and all the templates that use it under control of that application.cfm get the benefit of the change).

The Problem
However, there's a problem and it can be a nasty one. This issue has to do with the locking of (or failure to lock) shared-scope variables such as this one, and the fact that rarely does any discussion of this approach include the consequences of using shared variable scopes. There have been other articles in CFDJ on the subject of shared variable locking, as well as Macromedia Knowledge Base articles.

Maybe you didn't make the connection between them and this issue. This article puts the problem in perspective and offers some explanations of how to understand and resolve it. The ultimate solution involves using a "request"-scoped variable instead of an "application"-scoped one.

If you're not familiar with shared variable scopes, or are fuzzy about locking issues, or perhaps have never understood what "request" scope variables are about, this article should help you.

If you do understand these things, change your references to application.dsn to request.dsn, and if you find any locks around code that was using such an application.dsn variable, you need to consider whether those should stay as well. I'll also offer insights into how to find and fix such locking references.

Some Background
You may see code doing this in application.cfm:

<CFSET application.dsn = "whatever">

which declares the variable as "global," in essence, and can therefore be used later in all other templates as in:

<CFQUERY datasource="#application.dsn#" ... >

to refer to that data source name. The upside to this is that if the data source name needs to be changed (from "whatever" to "whatever_test", for instance), you can simply modify the application.cfm to point to the new name, and all templates under its control get the benefit of the change.

It's a good plan, but the use of an application-scoped variable is flawed. It opens you to potentially troublesome locking issues (for more on that, including a good explanation for why it's a problem, see "ColdFusion Locking Best Practices" at www.allaire.com/Handlers/index.cfm?ID=20370&Method=Full). More important, you can have the intended benefit with an equally useful and less troublesome way.

The Solution
For reasons I'll explain in a moment if it's still unclear, I'm suggesting that you stop using the application scope to hold the data source name. However, instead of dropping "application." from the variable name, I'm suggesting that you use the "request" scope. In other words, do the following (in your application.cfm):

<CFSET request.dsn = "whatever">

and then in all your templates do:

<CFQUERY datasource="#request.dsn#" ...>

If it's not clear why this is useful, or how it works, then there may be confusion about:

  • How the application.cfm works like a CFINCLUDE (and how we could, but won't, use a local variable called "dsn")
  • What the request scope is about (and why it's better to use "request.dsn")
Let me explain both. Though it would seem that many understand the first point, I find they often don't and it's fundamental to the rest of the discussion. The use of request scoped variables is also poorly understood by many. The end result is that you'll no longer have to deal with locking issues with regard to this variable.

How Application.cfm Works Like a CFINCLUDE
And How We Could, but Won't, Use a Local Variable Called "dsn"
Nearly every CF developer knows that whenever a CF template is run, CF first tries to execute any application.cfm that exists in the same directory (or its parent directory, or its grandparent, and so on).

What may not be obvious is that CF actually runs the application.cfm like a CFINCLUDE, which means that any variables set there, including "local" variables (such as <CFSET firstname="bob">), are then available to the template that was originally being run.

So let's say we have a template that does the following:

<CFOUTPUT>Hello #firstname#

If it did this and nothing else, you might expect it to fail since you can't refer to variables that don't exist, and it's only outputting the variable, not creating it. But if firstname was set in application.cfm (assuming this template is in a directory controlled by that application.cfm), it can indeed refer to the variable.

Knowing that, you may wonder why the folks who promoted this solution of setting the dsn variable to the application scope even bothered. They could just as easily have said:

<CFSET dsn = "whatever">

and then in all their templates do:

<CFQUERY datasource="#dsn#" ...>

It would work. In fact, there's no need to be using the application scope to pass the variable to all templates (make it global), because any variables set in the application.cfm "trickle down" to all templates, in effect making them global. There are certainly good uses of application scoped variables, but this isn't one of them.

The simple example of setting a variable called "dsn" (or what could be formally specified as variables.dsn, which is the same thing) to hold the name of the data source would work, and would trickle down to all the templates. It's effectively "global," at least for the life of that template, and it's reset at the execution of each template by being executed in the application.cfm each time.

I've recommended that you use "request.dsn" rather than "dsn" or "variables.dsn". Why? And what is the request scope, anyway?

What the Request Scope Is About
And Why It's Better to Use "Request.dsn"
If you understand that setting a local variable called "dsn" will work, can you think of any situation in which your code may expect to have access to that variable but won't? Think hard. Okay, custom tags. Yep, most know that custom tags have their own local variable scope. So a local variable set in the caller (or in the application.cfm) won't be available to the custom tag.

When we were setting the dsn variable to an application scope, it was available in the custom tag (as are all shared scopes and also form, url, cgi, and other variables that are passed to the calling template).

By changing the application.dsn variable to dsn (or variables.dsn, same thing) while it's available in all templates under control of the application.cfm, it's not available to any custom tags called by those templates. That's why we need to use the request scope instead.

Its sole purpose, poorly understood though it is, is to create local variables in a program that are available within custom tags called by that program (and vice versa). That's it. Nothing more.

Many confuse the request scope with some sort of persistence or shared nature (and the fact that there's a different kind of "request" scope in other languages like ASP and JSP only confuses matters further). It's best to think of it as nothing more than a scope that allows local variables to be seen in a custom tag called by the template setting the request scope variable. And since our request.dsn variable is set in the application.cfm, it trickles down to the template being executed and is therefore also available to any custom tags we call as well.

That's why you should use the request scope rather than a local scope.

Remediation of Application.dsn Misuse
One last thought: you may not be able to blindly do a global search and replace application.dsn with request.dsn wherever it occurs. Depending on the savvy of the coder, the use of application.dsn may have at least two wrinkles that require more care than just replacing application.dsn with request.dsn:

  • You may be testing for the existence of application.dsn before setting it in the application.cfm, in which case you need to set the request.dsn outside that test since it will never "already exist."
  • You may have CFLOCKs surrounding CFQUERYs, or CFLOCKs that are moving the application.dsn to a local variable. You wouldn't want to just rename the scope in those instances.
Each of these cases requires a little more care to resolve. I provide further insights into solving these problems on my Web site, www.systemanage.com/cff/application_dsn_bad.cfm.

I hope this article not only helps prevent problems with application.dsn, specifically, but also increases your understanding of request scope variables and application.cfm processing in general.

More Stories By Charlie Arehart

A veteran ColdFusion developer since 1997, Charlie Arehart is a long-time contributor to the community and a recognized Adobe Community Expert. He's a certified Advanced CF Developer and Instructor for CF 4/5/6/7 and served as tech editor of CFDJ until 2003. Now an independent contractor (carehart.org) living in Alpharetta, GA, Charlie provides high-level troubleshooting/tuning assistance and training/mentoring for CF teams. He helps run the Online ColdFusion Meetup (coldfusionmeetup.com, an online CF user group), is a contributor to the CF8 WACK books by Ben Forta, and is frequently invited to speak at developer conferences and user groups worldwide.

Comments (3) View Comments

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Most Recent Comments
charlie arehart 04/15/08 02:16:10 PM EDT

Thanks for that, Brian. I should add that while this article was from 2001, since CF7 we now have application.cfc and its onapplicationstart method. That does change things a bit, in that one could safely create an application variable there and it really would be created only once, at the start of the application. For that reason, I suppose it may no longer be so "wrong" to see application.dsn--but again, that's only if you're using this feature. Otherwise, it may be better to stick with the request scope as discussed in the article.

Brian 04/04/08 03:17:23 PM EDT

Very informative! I've been wondering what the request scope is for such a long time and no other resource did such a great job of explaining it.

Charlie Arehart 08/31/01 10:36:00 AM EDT

A read asked by email: "don't you also need to lock request vars?" The answer is no. They're not shared by any other user. More particularly, they're not shared by any other "thread".

The request scope, like the variables scope, is local to the running program and belongs only to it. It's a single thread of execution, so there's no risk of conflict with other threads, as with the "shared scope" variables, server, application, and session.

@ThingsExpo Stories
Connected devices and the Internet of Things are getting significant momentum in 2014. In his session at Internet of @ThingsExpo, Jim Hunter, Chief Scientist & Technology Evangelist at Greenwave Systems, examined three key elements that together will drive mass adoption of the IoT before the end of 2015. The first element is the recent advent of robust open source protocols (like AllJoyn and WebRTC) that facilitate M2M communication. The second is broad availability of flexible, cost-effective storage designed to handle the massive surge in back-end data in a world where timely analytics is e...
Collecting data in the field and configuring multitudes of unique devices is a time-consuming, labor-intensive process that can stretch IT resources. Horan & Bird [H&B], Australia’s fifth-largest Solar Panel Installer, wanted to automate sensor data collection and monitoring from its solar panels and integrate the data with its business and marketing systems. After data was collected and structured, two major areas needed to be addressed: improving developer workflows and extending access to a business application to multiple users (multi-tenancy). Docker, a container technology, was used to ...
SYS-CON Events announced today that BMC will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. BMC delivers software solutions that help IT transform digital enterprises for the ultimate competitive business advantage. BMC has worked with thousands of leading companies to create and deliver powerful IT management services. From mainframe to cloud to mobile, BMC pairs high-speed digital innovation with robust IT industrialization – allowing customers to provide amazing user experiences with optimized IT per...
The true value of the Internet of Things (IoT) lies not just in the data, but through the services that protect the data, perform the analysis and present findings in a usable way. With many IoT elements rooted in traditional IT components, Big Data and IoT isn’t just a play for enterprise. In fact, the IoT presents SMBs with the prospect of launching entirely new activities and exploring innovative areas. CompTIA research identifies several areas where IoT is expected to have the greatest impact.
2015 predictions circa 1970: houses anticipate our needs and adapt, city infrastructure is citizen and situation aware, office buildings identify and preprocess you. Today smart buildings have no such collective conscience, no shared set of fundamental services to identify, predict and synchronize around us. LiveSpace and M2Mi are changing that. LiveSpace Smart Environment devices deliver over the M2Mi IoT Platform real time presence, awareness and intent analytics as a service to local connected devices. In her session at @ThingsExpo, Sarah Cooper, VP Business of Development at M2Mi, will d...
The Industrial Internet revolution is now underway, enabled by connected machines and billions of devices that communicate and collaborate. The massive amounts of Big Data requiring real-time analysis is flooding legacy IT systems and giving way to cloud environments that can handle the unpredictable workloads. Yet many barriers remain until we can fully realize the opportunities and benefits from the convergence of machines and devices with Big Data and the cloud, including interoperability, data security and privacy.
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In this session, James Kirkland, Red Hat's Chief Architect for the Internet of Things and Intelligent Systems, will describe how to revolutionize your architecture and...
We’re entering a new era of computing technology that many are calling the Internet of Things (IoT). Machine to machine, machine to infrastructure, machine to environment, the Internet of Everything, the Internet of Intelligent Things, intelligent systems – call it what you want, but it’s happening, and its potential is huge. IoT is comprised of smart machines interacting and communicating with other machines, objects, environments and infrastructures. As a result, huge volumes of data are being generated, and that data is being processed into useful actions that can “command and control” thi...
The Internet of Things is tied together with a thin strand that is known as time. Coincidentally, at the core of nearly all data analytics is a timestamp. When working with time series data there are a few core principles that everyone should consider, especially across datasets where time is the common boundary. In his session at Internet of @ThingsExpo, Jim Scott, Director of Enterprise Strategy & Architecture at MapR Technologies, discussed single-value, geo-spatial, and log time series data. By focusing on enterprise applications and the data center, he will use OpenTSDB as an example t...
All major researchers estimate there will be tens of billions devices - computers, smartphones, tablets, and sensors - connected to the Internet by 2020. This number will continue to grow at a rapid pace for the next several decades. With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo, June 9-11, 2015, at the Javits Center in New York City. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be
We are reaching the end of the beginning with WebRTC, and real systems using this technology have begun to appear. One challenge that faces every WebRTC deployment (in some form or another) is identity management. For example, if you have an existing service – possibly built on a variety of different PaaS/SaaS offerings – and you want to add real-time communications you are faced with a challenge relating to user management, authentication, authorization, and validation. Service providers will want to use their existing identities, but these will have credentials already that are (hopefully) i...
SYS-CON Events announced today that MetraTech, now part of Ericsson, has been named “Silver Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York, NY. Ericsson is the driving force behind the Networked Society- a world leader in communications infrastructure, software and services. Some 40% of the world’s mobile traffic runs through networks Ericsson has supplied, serving more than 2.5 billion subscribers.
Scott Jenson leads a project called The Physical Web within the Chrome team at Google. Project members are working to take the scalability and openness of the web and use it to talk to the exponentially exploding range of smart devices. Nearly every company today working on the IoT comes up with the same basic solution: use my server and you'll be fine. But if we really believe there will be trillions of these devices, that just can't scale. We need a system that is open a scalable and by using the URL as a basic building block, we open this up and get the same resilience that the web enjoys.
Thanks to widespread Internet adoption and more than 10 billion connected devices around the world, companies became more excited than ever about the Internet of Things in 2014. Add in the hype around Google Glass and the Nest Thermostat, and nearly every business, including those from traditionally low-tech industries, wanted in. But despite the buzz, some very real business questions emerged – mainly, not if a device can be connected, or even when, but why? Why does connecting to the cloud create greater value for the user? Why do connected features improve the overall experience? And why do...
SYS-CON Events announced today that O'Reilly Media has been named “Media Sponsor” of SYS-CON's 16th International Cloud Expo®, which will take place on June 9–11, 2015, at the Javits Center in New York City, NY. O'Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O'Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying "faint signals" from the alpha geeks who are creating the future. An active participa...
Imagine a world where targeting, attribution, and analytics are just as intrinsic to the physical world as they currently are to display advertising. Advances in technologies and changes in consumer behavior have opened the door to a whole new category of personalized marketing experience based on direct interactions with products. The products themselves now have a voice. What will they say? Who will control it? And what does it take for brands to win in this new world? In his session at @ThingsExpo, Zack Bennett, Vice President of Customer Success at EVRYTHNG, will answer these questions a...
The 4th International Internet of @ThingsExpo, co-located with the 17th International Cloud Expo - to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA - announces that its Call for Papers is open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
An entirely new security model is needed for the Internet of Things, or is it? Can we save some old and tested controls for this new and different environment? In his session at @ThingsExpo, New York's at the Javits Center, Davi Ottenheimer, EMC Senior Director of Trust, reviewed hands-on lessons with IoT devices and reveal a new risk balance you might not expect. Davi Ottenheimer, EMC Senior Director of Trust, has more than nineteen years' experience managing global security operations and assessments, including a decade of leading incident response and digital forensics. He is co-author of t...
The Internet of Things is a misnomer. That implies that everything is on the Internet, and that simply should not be - especially for things that are blurring the line between medical devices that stimulate like a pacemaker and quantified self-sensors like a pedometer or pulse tracker. The mesh of things that we manage must be segmented into zones of trust for sensing data, transmitting data, receiving command and control administrative changes, and peer-to-peer mesh messaging. In his session at @ThingsExpo, Ryan Bagnulo, Solution Architect / Software Engineer at SOA Software, focused on desi...
The multi-trillion economic opportunity around the "Internet of Things" (IoT) is emerging as the hottest topic for investors in 2015. As we connect the physical world with information technology, data from actions, processes and the environment can increase sales, improve efficiencies, automate daily activities and minimize risk. In his session at @ThingsExpo, Ed Maguire, Senior Analyst at CLSA Americas, will describe what is new and different about IoT, explore financial, technological and real-world impact across consumer and business use cases. Why now? Significant corporate and venture...