Along with new features, ColdFusion 10 also offers some good changes to defaults. You may not agree with these changes, so review them carefully to ensure they mesh with your development rules.
- One that almost no one should argue about - the default storage method for client variables has switched from the Windows Registry (or the fake version on Unix-based systems) to cookie values.
- CFTOKEN cookie values now are set to use UUIDs.
- Global script protection is now enabled by default. Now, this is probably a good thing, but, I've found it trips me up and I normally ensure it is disabled. (You can disable it at the application level.) This is the setting that trips up bloggers since it takes their HTML and escapes it automatically. I guess I can accept that it makes more sense to be enabled, just keep this in mind when working on code for a ColdFusion 10 server.
- The maximum number of simultaneous template requests changed from 10 to 25. The maximum number of simultaneous CFC function requests went from 10 to 15. Remember - these are defaults. You really want to take the time to configure these for your server and application.
- The minimum JVM heap size went from nothing to 256 megs.
- This one may impact people too - the maximum size of post data went from 100 megs to 20.
- Finally, ColdFusion Event Gateway services will be disabled by default. Probably makes sense with no one using it (which is unfortunate!), but keep it in mind if your code requires it.
There are a few other changes as well. For example, file uploads are now more secure by default since we go far beyond just checking the file extension. Now deeper checking into the file type is performed. You can disable this, but don't.
There may be other changes as well - if you find em - post em!
Archived Comments
Did they finally eliminate that old legacy problem due to automated variable validation for variables which follow a certain pattern?
That's the classic which everyone that ever built a Facebook app in CF probably has run into at least once.
Are you talking about the automatic form validation? That was 'fixed' in CF9. You can disable it in your app.cfc settings.
That maximum number of simultaneous template requests = 10 really, really worked for me. Unless your hardware suddenly improved I would not change that.
I believe the maximum number of simultaneous template requests is a very server / app-specific issue. We have a well tuned CF9 application set at 25, and don't run into issues under load.
Really is a shame if people are not using event gateways.
Aaron: Agreed. I don't think features should be used "just because", but at the same time, I do wish there were more usage out there.
@Aaron - Out of curiosity, how are you leveraging event gateways in your project(s)?
Anytime I want something to be asynchronous, I use an Event Gateway. This typically means long running operations, logging, app metrics, or processes I want to be triggered by a remote user but that don't need to furnish a result when the processes started. I've found there are lots of areas in my applications where Event Gateways have helped me to accelerate response times.
I should note that I also use threads, but, only if I need parallel operations to re-join (like the furnish data for a request.).
Any reason why you don't use threads for times when you _don't_ want to join? I use them cfbloggers and it works fine.
Ahh ok, I've been using threads for some of those operations. That has helped with response times, but then consumes the thread pool. I see how the event gateway would be best if there's no need to re-join the asynchronous process. Thanks for the feedback.
An interesting change in path issues with CFINCLUDE results in incorrect paths generating a 404 error. Oddly enough, for as long as I can remember, ColdFusion would allow you to have extra "/" marks in a path and still include the page. For example:
include "/path/to//file.txt";
This works in CF9 and earlier versions but not CF10. The usual cause of this kind of path is dynamic path information from a database that might include the "/" mark and then so does your code.
Good news... it makes us do it right. Bad news, errors may arise when you upgrade your CF9 app to CF10 if you include files via dynamic file paths.
Wes, while I agree that it is good to make us "do it right", this kind smells like something that will bite a _lot_ of people. Can you file a bug report please?
Added bug to bugbase.adobe.com. Bug #: 3125367
Looks like they posted a fix to the CFINCLUDE path issue. The cool new built in update tool found and installed that bug fix.
Nice. Glad to see it being useful already.
Maximum number of simultaneous template requests is "0" in CF10 standard. Any idea what does "0" mean?
No limit maybe? Check the help (click the ?).
@Raymond There's no (?). No limit doesn't seem to make sense because if I click Submit Changes: Simultaneous Request limit must be numeric and greater than zero.
Look in the upper right corner. Every CF Admin for a while not has had built in contextual help.
Ray, thank you so much for writing so many great articles and being such a ridiculously source of CF knowledge. Like Henry Ho, I'm wondering what the "zero simultaneous requests" in Coldfusion 10 means. I read the help as you suggested here, and did not see anything specifically about the "0" value.
* a ridiculously awesome source of CF knowledge
It almost sounds like a bug - as Henry says he wasn't able to save the page. If you still see this, and if you also can't save the page, best I can suggest is to log a bug, and then obviously change the value - 10 should be fine until you can test for better values.
Hi Ray - I have a web service that gets invoked just fine in CF9. We upgraded to CF10 and now if the size of the data goes above a certain amount (which is not a lot of data), the service call errors and returns:
An existing connection was forcibly closed by the remote host.
Any ideas or thoughts on tuning or where to look? Thank you!
Check the Admin settings for the max post setting. That could be it.