Debugging & Logging - Debug Output Settings

Overview

Debug Output Settings control what debugging information ColdFusion displays at the bottom of pages during development and testing. When enabled, the debug output provides invaluable insights into application performance, database queries, variable states, execution times, and potential issues. This comprehensive debugging information helps developers identify bottlenecks, troubleshoot errors, and optimize application code.

Proper configuration of debug output settings is critical for both development productivity and production security. While debugging should be extensively used during development, it must be carefully restricted or completely disabled in production environments to prevent information disclosure and performance degradation.

Debug Output Options

Configure which debugging information ColdFusion displays at the bottom of pages during development and testing.

Output Format Options

Choose how debug information is displayed on your pages.

IP Address Filtering

Restrict debug output to specific IP addresses for security in production environments.

Performance Impact

Understanding the performance cost of debug output in different environments.

Security Considerations

Debug output can expose sensitive information - understand the risks and implement proper safeguards.

Best Practices

Development Environment

• Enable all debug output options for maximum visibility
• Use dockable debug output format for better UX
• Leave minimum execution time at 0 to see all requests
• Enable robust exception information for detailed error context
• Show all variable scopes during active development
• Use cftrace liberally to mark execution checkpoints
• Review debug output regularly to spot performance issues early
• Pay attention to query execution times and N+1 problems

Staging/QA Environment

• Enable debug output with IP filtering to QA team addresses
• Use minimum execution time (100-250ms) to focus on performance issues
• Enable database activity to verify query optimization
• Test with debug output disabled to verify production-like performance
• Use staging to validate that debug is properly disabled for production

Production Environment

• Disable ALL debug output settings for normal operation
• Never enable robust exception information
• Use custom error templates for user-friendly error pages
• Log errors to files instead of displaying them
• If emergency debugging needed, use strict IP filtering
• Only enable specific debug categories (e.g., database only)
• Document debug output changes in change management system
• Disable debug output immediately after troubleshooting
• Use proper APM tools (FusionReactor) for production monitoring

Security Best Practices

• Review debug output for sensitive data before sharing screenshots
• Sanitize debug output when reporting bugs to vendors
• Use IP filtering as defense-in-depth, not sole security measure
• Regularly audit debug output settings across all servers
• Include debug settings in security review checklist
• Train developers on risks of debug output in production
• Automate checks for debug settings in deployment pipeline

Performance Optimization

• Use debug output to identify slow database queries
• Set query execution time threshold to highlight problematic queries
• Monitor total database time as percentage of page load time
• Look for repeated identical queries (caching opportunities)
• Identify N+1 query patterns in loops
• Use execution time filtering to focus on slow pages
• Compare debug metrics before and after optimization

Common Issues and Solutions

Debug Output Not Appearing

• Symptom: Debug settings enabled but no output shown
• Cause: IP address not in allowed list
• Solution: Verify your IP address and add to allowed list
• AJAX Requests: Debug output not shown for AJAX/API responses
• Content-Type: Non-HTML responses don't include debug output
• cfcontent: Using cfcontent bypasses debug output

Debug Output Interfering with Page Layout

• Symptom: Debug output breaks page design
• Cause: Classic debug format conflicts with page HTML/CSS
• Solution: Switch to dockable debug output format
• Alternative: Use cfdump to specific file instead of inline
• PDF Issues: Debug output prevents PDF generation

Performance Degradation with Debug Enabled

• Symptom: Site significantly slower with debug enabled
• Cause: Debug overhead, especially with variable dumps
• Solution: Disable variable scope display
• Alternative: Use minimum execution time to reduce output
• Large Sessions: Disable session variable display if very large

Sensitive Data Visible in Debug Output

• Symptom: Passwords, tokens visible in debug variables
• Immediate Action: Disable variable display immediately
• Code Fix: Remove sensitive data from shared scopes
• Prevention: Use local variables for sensitive data
• Best Practice: Never store passwords in session/application scope

Debug Output Not Showing for Some Requests

• Symptom: Debug output intermittent
• Cause: Minimum execution time set too high
• Solution: Lower or remove minimum execution time threshold
• Fast Pages: Pages loading under threshold won't show debug
• Caching: Cached pages may not trigger debug output

IP Filtering Not Working

• Symptom: Debug output showing to unintended users
• Cause: IP filter misconfigured or not applied
• Proxy Issues: Load balancer IP instead of client IP
• Solution: Configure proxy to pass X-Forwarded-For header
• Testing: Verify IP filtering from multiple addresses

Alternative Debugging Approaches

File-Based Debugging

• Use cflog for structured logging to files
• Use cfdump with output="file" for detailed dumps
• Tail log files in real-time during debugging
• Safe for production - no information disclosure to users

APM Tools

• FusionReactor: Comprehensive performance monitoring
• SeeFusion: Lightweight monitoring alternative
• New Relic: Cloud-based APM platform
• Benefits: Production-safe, detailed metrics, alerting
• Cost: Commercial tools require licensing

Line Debugger

• Step-through debugging with breakpoints
• Available in ColdFusion Builder or compatible IDEs
• More precise than debug output for complex issues
• See separate Debugger settings for configuration

Custom Debug Output

• Build application-specific debug panels
• Control exactly what information is displayed
• Implement own IP filtering or authentication
• Store debug data in database for historical analysis

Configuration Examples

Recommended Development Settings

• Enable Robust Exception Information: Yes
• Database Activity: Yes
• Exception Information: Yes
• Tracing Information: Yes
• Variables: All scopes
• General Debug Information: Yes
• Minimum Execution Time: 0ms
• Output Format: Dockable
• IP Filtering: Not required in development

Emergency Production Debugging

• Enable Robust Exception Information: No
• Database Activity: Yes (if database issue suspected)
• Exception Information: No
• Tracing Information: No
• Variables: None
• General Debug Information: Yes
• Minimum Execution Time: 100-500ms (focus on slow requests)
• Output Format: Dockable
• IP Filtering: Single admin IP only

Performance Profiling Settings

• Enable Robust Exception Information: No
• Database Activity: Yes
• Exception Information: No
• Tracing Information: Yes (if using cftrace)
• Variables: None
• General Debug Information: Yes
• Minimum Execution Time: 100ms
• Query Execution Time Threshold: 50ms
• Output Format: Dockable

Related Resources

• Debugging & Logging - IP Addresses - Dedicated IP filtering configuration
• Debugging & Logging - Debugger - Line-by-line debugger settings
• Debugging & Logging - Logging Settings - Log file configuration
• Debugging & Logging - Code Analyzer - Static code analysis
• ColdFusion Administrator Reference - Main administrator guide