Skip to Content

Use CFLock to Lock Code & Protect Data in CFML

ColdFusion and Lucee are multi-threaded servers, meaning they can process multiple tasks simultaneously, a great feature for performance but one that can cause data anomalies or corruption if multiple tasks attempt to update that data at the same time.

The cflock tag ensures that items processed within the same named or scoped lock are processed sequentially instead of simultaneously to prevent these issues.

In this tutorial, you'll get a clear explanation of the cflock tag and how to implement it with code examples and preventable measures for data corruption.

Ad - Web Hosting from SiteGround - Crafted for easy site management. Click to learn more.
Advertising Disclosure: I am compensated for purchases made through affiliate links. Click here for details.

The Attributes

Here is a list of the attributes for the cflock tag:

  • timeout numeric - The only required attribute. The maximum time, in seconds, to wait before the lock attempt expires. If you set the timeout value to 0, the lock timeout is then determined by the "Timeout Requests after x" setting in the ColdFusion Administrator.
  • name string - The name of the lock. If multiple locks with the same name are requested close together, the execution of each lock will be processed in sequence instead of simultaneously. Lock names are shared amongst the entire ColdFusion server, not just the requesting application, and are mutually exclusive with the scope attribute.
  • scope string - The scope of the lock. Only one request in the specified scope can execute this type of lock. Available scopes are Application, Session, Server, and Request. This argument is mutually exclusive with the name attribute.
  • type string - The type of lock to be processed: readOnly, which allows read-only access to the shared data, and exclusive, which allows a request to read or write the shared data.
  • throwOnTimeout boolean - Determines how timeout conditions are handled. If yes, an exception is generated for the timeout. If no, script execution continues past the lock without an error.

Code Examples

Tag Syntax

<cflock timeout="60" scope="session" type="exclusive">
<cfset session.myVar = "Hello There!">

<cflock timeout="60" name="myLock" type="readOnly">

Script Syntax

lock timeout="60" scope="session" type="exclusive" {
session.myVar = "Hello There!"

lock timeout="60" name="myLock" type="readOnly" {

Preventing Deadlocks

A deadlock occurs when code within a cflock tag cannot be accessed or executed. All requests to these protected code blocks are halted until processing has been completed or a timeout has occurred.

For example, User 1 attempts to access the application scope that was already locked by User 2. Processing is taking a while for User 2, so User 1 needs to wait until the other lock has completed processing or until a timeout has occurred for the request to continue.

It's best practice to use uniquely named locks instead of scope locks because of this scenario. Locks with the same name or scope across the entire ColdFusion or Lucee server are affected, not just the executing application.


You're now familiar with the cflock tag and how to implement it for data protection. If you have any questions on anything mentioned, please ask in the comments below.

Posted by: Josh Rowe
Last Updated: August 29, 2023
Created: July 18, 2023


There are no comments yet. Start the conversation!

Add A Comment

Comment Etiquette: Wrap code in a <code> and </code>. Please keep comments on-topic, do not post spam, keep the conversation constructive, and be nice to each other.