Login/Register
Difference between AUTH_USER and REMOTE_USER cgi variables
Asked Answered
Solved iiscoldfusionrailoopenbd
A

5

6

The docs aren't entirely clear on this - is there a difference between these variables? On IIS at least they appear to be identical, but I don't want to rely on that if it might be different under other servers.

Augmentation answered 12/5, 2009 at 14:14 Comment(0)
M
8

According to the Adobe ColdFusion documentation they are the same.

http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=Expressions_8.html

Looking at the openbd source code, the remote_user and the auth_user are mapped to the same key, so it returns the same value.

Looking at the railo source code, I'm not quite understanding what is going on, but it appears to be setting remote_user, and I'm not sure if auth_user is being set anywhere.

If you are designing an app that is compatible with coldfusion, railo, and openbd, it appears safer to use remote_user. Maybe someone else can comment because I don't fully understand the code without taking the time to investigate deeply.

Magdalenamagdalene answered 12/5, 2009 at 14:58 Comment(1)
Adobe's docs seem to suggest remote_user is the preferred choice.Magdalenamagdalene
P
4

REMOTE_USER and AUTH_USER will be the same in AdobeCF/IIS, but not on AdobeCF/Apache. AUTH_USER will be blank when using AdobeCF/Apache.

So it is best to code using the REMOTE_USER variable. If you find yourself working on code that references AUTH_USER in Apache, there is a way to make Apache populate that variable using mod_rewrite. This will cause Apache to copy REMOTE_USER into AUTH_USER:

RewriteEngine on RewriteCond %{REMOTE_USER} (.) RewriteRule . - [E=AUTH_USER:%1]

There is more info here: http://www.stillnetstudios.com/copying-env-variables-in-apache/

Piny answered 9/1, 2010 at 22:3 Comment(0)
B
2

I'm fairly sure REMOTE_USER is the standard CGI variable.

According to this page, they are the same: http://livedocs.adobe.com/coldfusion/6/CFML_Reference/Expressions5.htm

Belter answered 12/5, 2009 at 14:24 Comment(0)
G
2

to be on the safe side stick to REMOTE_USER as it is the one defined in the CGI/1.0 spec (Found here http://www.ietf.org/rfc/rfc3875)

AUTH_USER seems to have snuck in over time

Glasgow answered 15/5, 2009 at 23:9 Comment(0)
R
1

In my experience, CGI variables tend to differ between Web Servers (Apache, IIS, JRun, etc), and even between their versions. The only safe bet, when basing something on a CGI variable, is to check what values show up on your dev, stage, production (etc) servers.

Rizal answered 12/5, 2009 at 17:12 Comment(1)
From an apache point of view this variable isn't often available and I have need of it to be able to run an ldap SSO thingy ! Am I right in thinking that this variable comes from the laptop or device used to access the server url and NOT the server the url is hosted on. So for example running phpinfo(); on said laptop requesting this script on the server where is this variable supposed to come from ? Thank you for helping me understand more on this elusive subject.Coffle

© 2022 - 2024 — McMap. All rights reserved.