I'd say that you are totally right on that point. there are some variables that can be fudged by the user, such as REFERRER for example, but the ones that relate to server status, like server_name, script_name, etc are defined bythe web server implementation rather than defined by the browser (ie user) and packaged in the request.
Generally speaking environment variables whose values are based on http request headers are prefixed with HTTP_, though it's true you can't rely on this across the board unless you have access to the server source code. However, the CGI specification does list core environment variables which should be supplied by all servers or gateway applications implementing the spec.
SERVER_PROTOCOL is a standard CGI environment variable which can be used to determined whether the request is over HTTPS.
Mark
--- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED]
MXDU2004 + Macromedia DevCon AsiaPac + Sydney, Australia http://www.mxdu.com/ + 24-25 February, 2004
