|
CGI environment (CGI Scope) variables
When
a browser makes a request to a server, the web server and the browser create
environment variables. In ColdFusion, these variables are referred
to as CGI environment variables. CGI Environment variables
contain data about the transaction between the browser and the server,
such as the IP Address, browser type, and authenticated username.
The available CGI variables depend on the browser and server software.
The
CGI variables are available to ColdFusion pages in the CGI scope.
They take the CGI prefix regardless of whether the server uses a
server API or CGI to communicate with the ColdFusion server. You
can reference CGI environment variables for a given page request
anywhere in the page. CGI variables are read-only.
By default, when you use the cfdump tag to display
the CGI scope, or when you request debug output of the CGI scope,
ColdFusion attempts to display a fixed list of standard CGI environment
variables. Because the available variables depend on the server,
browser, and the types of interactions between the two, not all
variables are normally available. They are represented by empty
strings in the debug output. You can request any CGI variable in
your application code, including variables that are not in the list
variables displayed by dump and debug output.
ColdFusion checks for the following variables for the cfdump tag
and debug output:
AUTH_PASSWORD
AUTH_TYPE
AUTH_USER
CERT_COOKIE
CERT_FLAGS
CERT_ISSUER
CERT_KEYSIZE
CERT_SECRETKEYSIZE
CERT_SERIALNUMBER
CERT_SERVER_ISSUER
CERT_SERVER_SUBJECT
CERT_SUBJECT
CF_TEMPLATE_PATH
CONTENT_LENGTH
CONTENT_TYPE
CONTEXT_PATH
GATEWAY_INTERFACE
HTTPS
HTTPS_KEYSIZE
HTTPS_SECRETKEYSIZE
HTTPS_SERVER_ISSUER
HTTPS_SERVER_SUBJECT
HTTP_ACCEPT
HTTP_ACCEPT_ENCODING
HTTP_ACCEPT_LANGUAGE
HTTP_CONNECTION
HTTP_COOKIE
HTTP_HOST
HTTP_REFERER
HTTP_USER_AGENT
QUERY_STRING
REMOTE_ADDR
REMOTE_HOST
REMOTE_USER
REQUEST_METHOD
SCRIPT_NAME
SERVER_NAME
SERVER_PORT
SERVER_PORT_SECURE
SERVER_PROTOCOL
SERVER_SOFTWARE
WEB_SERVER_API (This value is always blank; retained for compatibility.)
The following sections describe how to test for CGI environment
variables and provide information on some of the more commonly used
CGI environment variables
Testing for CGI variablesBecause some browsers do not support some CGI variables,
ColdFusion always returns true when it tests for
the existence of a CGI variable, regardless of whether the browser
supports the variable. To determine if the CGI variable is available,
test for an empty string, as the following example shows:
<cfif CGI.varname IS NOT "">
CGI variable exists
<cfelse>
CGI variable does not exist
</cfif>
CGI server variablesThe
following table describes common CGI environment variables that
the server creates (some variables are not available with some servers):
CGI server variable
|
Description
|
SERVER_SOFTWARE
|
Name and version of the information server
software answering the request (and running the gateway). Format:
name/version.
|
SERVER_NAME
|
Server's hostname, DNS alias, or IP address
as it appears in self-referencing URLs.
|
GATEWAY_INTERFACE
|
CGI specification revision with which this
server complies. Format: CGI/revision.
|
SERVER_PROTOCOL
|
Name and revision of the information protocol
this request came in with. Format: protocol/revision.
|
SERVER_PORT
|
Port number to which the request was sent.
|
REQUEST_METHOD
|
Method with which the request was made.
For HTTP, this is Get, Head, Post, and so on.
|
PATH_INFO
|
Extra path information, as given by the
client. Scripts can be accessed by their virtual pathname, followed by
extra information at the end of this path. The extra information
is sent as PATH_INFO.
|
PATH_TRANSLATED
|
Translated version of PATH_INFO after any
virtual-to-physical mapping.
|
SCRIPT_NAME
|
Virtual path to the script that is executing;
used for self-referencing URLs.
|
QUERY_STRING
|
Query information that follows the ? in
the URL that referenced this script.
|
REMOTE_HOST
|
Hostname making the request. If the server
does not have this information, it sets REMOTE_ADDR and
does not set REMOTE_HOST.
|
REMOTE_ADDR
|
IP address of the remote host making the
request.
|
AUTH_TYPE
|
If the server supports user authentication,
and the script is protected, the protocol-specific authentication method
used to validate the user.
|
REMOTE_USER
AUTH_USER
|
If the server supports user authentication,
and the script is protected, the username the user has authenticated
as. (Also available as AUTH_USER.)
|
REMOTE_IDENT
|
If the HTTP server supports RFC 931 identification,
this variable is set to the remote username retrieved from the server.
Use this variable for logging only.
|
CONTENT_TYPE
|
For queries that have attached information,
such as HTTP POST and PUT, this is the content type of the data.
|
CONTENT_LENGTH
|
Length of the content as given by the client.
|
CGI client variablesThe following table describes common CGI environment variables
the browser creates and passes in the request header:
CGI client variable
|
Description
|
HTTP_REFERER
|
The referring document that linked to or
submitted form data.
|
HTTP_USER_AGENT
|
The browser that the client is currently
using to send the request. Format: software/version library/version.
|
HTTP_IF_MODIFIED_SINCE
|
The last time the page was modified. The
browser determines whether to set this variable, usually in response
to the server having sent the LAST_MODIFIED HTTP
header. It can be used to take advantage of browser-side caching.
|
CGI client certificate variablesColdFusion makes available the following client certificate
data. These variables are available when running Microsoft IIS 4.0
or Netscape Enterprise under SSL if your web server is configured
to accept client certificates.
CGI client certificate variable
|
Description
|
CERT_SUBJECT
|
Client-specific information provided by
the web server. This data typically includes the client's name, e‑mail
address, and so on, for example:
O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "www.verisign.com/repository/RPA Incorp. by Ref.,LIAB.LTD(c)98", OU = Persona Not Validated, OU = Digital ID Class 1 - Microsoft, CN = Matthew Lund, E = mlund@.com
|
CERT_ISSUER
|
Information about the authority that provided
the client certificate, for example:
O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "www.verisign.com/repository/RPA Incorp. By Ref.,LIAB.LTD(c)98", CN = VeriSign Class 1 CA Individual Subscriber-Persona Not Validated
|
|