The difference between the variables AUTH_USER and REMOTE_USER cgi

Question

The difference between the variables AUTH_USER and REMOTE_USER cgi

The docs are not entirely clear on this - is there a difference between these variables? In IIS, at least they seem the same, but I don't want to rely on this if they can be different from other servers.

+4

coldfusion openbd railo iis

Goyuix May 12, '09 at 14:14

source share

5 answers

REMOTE_USER and AUTH_USER will be the same in AdobeCF / IIS, but not on AdobeCF / Apache. When using AdobeCF / Apache, AUTH_USER will be empty.

Therefore, it is best to use the code REMOTE_USER. If you find yourself working on code that references AUTH_USER in Apache, there is a way to make Apache populate this variable with mod_rewrite. This will force Apache to copy REMOTE_USER to AUTH_USER:

RewriteEngine on RewriteCond% {REMOTE_USER} (.) RewriteRule. - [E = AUTH_USER:% 1]

Here's more info: http://www.stillnetstudios.com/copying-env-variables-in-apache/

+3

Ryan stille Jan 9 '10 at 22:03

source share

I am sure that REMOTE_USER is a standard CGI variable.

According to this page, they are the same: http://livedocs.adobe.com/coldfusion/6/CFML_Reference/Expressions5.htm

+2

Peter Boughton May 12, '09 at 14:24

source share

to be safe, stick to REMOTE_USER, as defined in the CGI / 1.0 specification (found here http://www.ietf.org/rfc/rfc3875 )

AUTH_USER seems to have slipped over time

+2

Lucas May 15, '09 at 23:09

source share

In my experience, CGI variables tend to differ between web servers (Apache, IIS, JRun, etc.) and even between their versions. The only safe bet when using something in a CGI variable is to check what values are displayed on the dev, stage, production (etc) servers.

+1

Adam tuttle May 12, '09 at 17:12

source share

Jayson · Accepted Answer · 2009-05-12T14:58:43+0000

According to the Adobe ColdFusion documentation, they are the same.

http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=Expressions_8.html

After looking at the openbd source code, remoteuser and auth_user are mapped to the same key, so it returns the same value.

Looking at the source code for railo, I don’t quite understand what is happening, but it seems to be a remote_user setting, and I'm not sure if auth_user is installed anywhere.

If you are developing an application compatible with coldfusion, railo, and openbd, it is safer to use remote_user. Maybe someone can comment, because I do not quite understand the code without wasting time on in-depth research.

The difference between the variables AUTH_USER and REMOTE_USER cgi

More articles: