Ignore Application.cfm in one directory

Is it possible to ignore Appliction.cfc in one directory of a web app?

I have and app with this structure:

/root - Contains application.cfc for entire app, which implements authentication



/root/publicstuff - The stuff in this directory is public and should ignore the application.cfc in the parent


What application settings should the publicstuff get then? Inherit the setting from the server admin? If so, why not export those to override everything?

Have you considered simply putting an empty Application.cfc in that /root/publicstuff folder? That would work and should solve your problem.


publicstuff would probably have no settings. It utilizes no sessions or session variables. Although it may need application variables.

I guess I need to review how application.cfc works (with inheritance). The app was set up a long time ago.

What @carehart suggested is a good advice. The settings should default to the server/web admins settings then. Alternatively you can copy the parent Application.cfc, and deactivate/overwrite all the settings you don’t want to have in that folder.

@mdichi , Sorry, I only have questions at the moment:

  1. You mention Application.cfc as well as Application.cfm. Was that just a typo? If not, which one is it?
  2. Could you say what you mean by “ignore Application.cfm” in a directory? Could you give an example of what you want to happen or not to happen in /root/publicstuff?
  3. Do you realize that the following 2 requirements may contradict each other?

3(a) /root/publicstuff - The stuff in this directory is public and should ignore the application.cfc in the parent
3(b) publicstuff would probably have no settings…Although it may need application variables.

3(a) and 3(b) will contradict each other when the application variables in 3(b) are supposed to be generated by the Application file in /root.


I meant Application.cfc.

What I really wanted was for the authentication mechanism in our Application.cfc to not apply to a separate “public” directory.

Now that I’ve looked at the application and problem a little further I have more details. When you access the app via a URL (for example: http://www.example.com) you would be prompted to authenticate. Up until recently, authentication was handled by forms based login. The implementation occurs in on onRequestStart. If Session.name (a variable we defined) doesn’t exist, then the user is directed to the login page. In actuality onRequestStart checks if the path was “/appstuff” or “Index.cfm”. If so the user would need to authenticate. If the path was “publicstuff” then authentication was skipped.

This has worked well. When “publicstuff” was accessed the authentication mechanism was skipped. Otherwise the app made sure the user was logged in.

Recently a change was made, which was to support Windows Authentication. This worked well too, except, accessing “publicstuff” triggered Windows Authentication. I made the quick (and incorrect) judgement that this was a problem with Application.cfc (which it was indirectly).

Looking more closely at on OnRequestStart I saw logic for forms-based login that the authentication mechanism was skipped for “publicstuff”. Adding that logic to Windows Authentication logic (also in onRequestStart) fixed the problem.

Btw, IIS needed to be changed to, in order for Windows Authentication not to trigger on “publicstuff”. For that directory, Windows Authentication needed to be turned off and Anonymous authentication needed to be turned on. Then everything worked as expected.

1 Like

Your last sentence seems to close the case/matter, right?


1 Like