Query caching
Query caching is another one of those parameters that you can t truly set until you load-test your application by using a commercial-grade load-testing tool and production-scale test data. (This parameter is set on the Caching page of ColdFusion Adminstrator.) You can t tell how large or varied your queries may be until you perform such a test, and these two factors (variance and scale) completely dominate the number of queries that you should set ColdFusion Server to cache in its memory. You should set this parameter only after you set parameters for JVM memory usage, template cache size, and simultaneous requests in that order. Start with a very low number such as five and run a high load-test scenario with the maximum number of virtual users that you expect your system to handle (a very important test, especially if you exhaust a lot of your memory through heavy use of the Session scope). Your watchpoints are response timings (minimum, maximum, average, and standard deviation) and available physical memory. If you adjust this parameter, but your application s response time doesn t improve significantly, make sure that you are making effective use of query caching in your code. If you do receive a significant benefit from increasing the number of cached queries, use the hopscotching method that we describe in the section Choosing the Number of Simultaneous Request Threads, earlier in this chapter, to balance available physical memory with response times. If you do so, you eventually set the right number. Remember that a large standard deviation on response times indicates erratic behavior, so back off if you see this value jump sharply.
Using a UUID for CFTOKEN is a security precaution. (You can find this option on the Settings page of ColdFusion Administrator.) By default, ColdFusion uses an eight-digit random number for the value of CFTOKEN, making it relatively easy to guess. Enabling this option makes ColdFusion use a UUID with a random 12-digit hexadecimal number prepended as CFTOKEN. This modified UUID is impossible to guess, removing any possibility of a user hacking into another user s session by manipulating the values of CFID and CFTOKEN in URL. It s always a good idea to use a UUID for CFTOKEN. It s usually not a concern on development servers (although it certainly won t hurt), but on a production server, always consider enabling this option.
Part VIII ColdFusion MX Administration
Using J2EE Session Variables
By default, ColdFusion MX doesn t use J2EE session management and opts instead to identify a user s Session variables through the combination of CFID and CFTOKEN sent by each of his browser requests. Enabling J2EE Session variables makes ColdFusion forego CFID and CFTOKEN for session management purposes and instead use J2EE s native session-management mechanism. (You can find this option in the Memory Variables page of ColdFusion Administrator.) With J2EE Session variables enabled, your ColdFusion MX application can share Session, Application, and Request variables with JSP pages and other J2EE applications running on the same server. For more information on J2EE session management, see 19. (You must restart ColdFusion server for this setting to take effect.)
If you re using a database server rather than a file-based database such as Microsoft Access, you want to use an IP address rather than a host name or computer name in specifying your database server. Using the host name requires ColdFusion to perform a DNS lookup before connecting to the database server, and using a computer name means doing a network lookup. Using an IP address enables ColdFusion to connect to the database server directly. After setting up and verifying your datasource with a correct username and password to make sure that you can connect to your database, edit the datasource definition and remove the username and password. (See the Data Sources section in 43 for information on verifying and editing datasources.) Instead, store the username and password in Request variables defined in Application.cfm or a similar mechanism and pass them in every call to CFQUERY and CFSTOREDPROC. Doing so takes the username and password out of ColdFusion MX s XML properties files and puts the connection information in Application.cfm templates, which are easier to secure. A datasource s connection settings define how ColdFusion connects to the database server and which database it uses. You also have advanced settings, however, that, if used correctly, can really enhance your application s performance. Table 44-1 describes these advanced settings:
