RE: [PHP] Different sessions, same client
On Sun, 2011-01-23 at 17:40 -0800, Tommy Pham wrote: -Original Message- From: Tommy Pham [mailto:tommy...@gmail.com] Sent: Sunday, January 23, 2011 5:23 PM To: 'Paul M Foster' Cc: 'php-general@lists.php.net'; 'Thijs Lensselink' Subject: RE: [PHP] Different sessions, same client -Original Message- From: Thijs Lensselink [mailto:d...@lenss.nl] Sent: Sunday, January 23, 2011 12:21 AM To: php-general@lists.php.net Subject: Re: [PHP] Different sessions, same client -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/23/2011 07:33 AM, Paul M Foster wrote: Storing any sort of login/auth data in cookies has regularly been panned on this list. The preference seems to be to store whatever login/auth information *must* be stored in the $_SESSION variable. Well and good. My problem, however, is that I have multiple applications in different tabs running on the same server, which may all use the same sub-variables, like username. As a result, they run into each other. One application will think I'm logged in when I'm not logged in to that application, but to another in the same browser on the same box. So my question is how to prevent this using the standard PHP functions relating to sessions. I'd like different applications in different tabs on the same box/browser to have different sessions, so they don't share data. Thoughts? Paul Using session_name will allow you to run two different sessions in the same browser. session_name('app1'); session_start(); Paul, I'd would go with session_name($_SERVER['SCRIPT_NAME']) or session_name(substr($_SERVER['SCRIPT_NAME'], 0, strripos($_SERVER['SCRIPT_NAME'], '/')). My regex skills sucks so I can't give you a sample using regex. But you get the idea. It's easier to get a particular app's relevant data to the URL while not hard coding the session name, eventually giving your app(s) more flexibility especially if you may have multiple URLs mapped to an app serving different purposes/clients. Regards, Tommy Forgot to mention that this assumes your app's design is MVC like with a single point entry only. Hey guys... I too once tried this, basically so that I could stop users logging in on multiple tabs, and if they did, then it would kill the previous login (or not allow them to be logged in as they would be logged in still). I had so many issues, that I abandoned it. After reading this thread, I thought I would try Tommy's suggestion about using a unique named session... so I just tried this: ?php session_name(uniqid()); session_start(); echo session_id(); ? YAY! it worked!! so then i tried this: ?php session_name(uniqid()); session_start(); $_SESSION['t_'. time()] = time(); echo session_id(); echo 'pre'; print_r($_SESSION); echo '/pre'; ? and it doesn't preserve the older session information... so I must be doing something wrong. I can assume that because the name is being regenerated new each time, that the old previous session is destroyed (which would make sense) but then how can *I* ensure that each session is going to be unique enough, but preserve old session information too? I know it has to be possible, as my bank doesn't allow multiple tabs while online banking. /sigh the joys of protecting users from themselves... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Different sessions, same client
-Original Message- From: Steve Staples [mailto:sstap...@mnsi.net] Sent: Monday, January 24, 2011 6:31 AM To: Tommy Pham Cc: 'Paul M Foster'; php-general@lists.php.net Subject: RE: [PHP] Different sessions, same client On Sun, 2011-01-23 at 17:40 -0800, Tommy Pham wrote: -Original Message- From: Tommy Pham [mailto:tommy...@gmail.com] Sent: Sunday, January 23, 2011 5:23 PM To: 'Paul M Foster' Cc: 'php-general@lists.php.net'; 'Thijs Lensselink' Subject: RE: [PHP] Different sessions, same client -Original Message- From: Thijs Lensselink [mailto:d...@lenss.nl] Sent: Sunday, January 23, 2011 12:21 AM To: php-general@lists.php.net Subject: Re: [PHP] Different sessions, same client -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/23/2011 07:33 AM, Paul M Foster wrote: Storing any sort of login/auth data in cookies has regularly been panned on this list. The preference seems to be to store whatever login/auth information *must* be stored in the $_SESSION variable. Well and good. My problem, however, is that I have multiple applications in different tabs running on the same server, which may all use the same sub-variables, like username. As a result, they run into each other. One application will think I'm logged in when I'm not logged in to that application, but to another in the same browser on the same box. So my question is how to prevent this using the standard PHP functions relating to sessions. I'd like different applications in different tabs on the same box/browser to have different sessions, so they don't share data. Thoughts? Paul Using session_name will allow you to run two different sessions in the same browser. session_name('app1'); session_start(); Paul, I'd would go with session_name($_SERVER['SCRIPT_NAME']) or session_name(substr($_SERVER['SCRIPT_NAME'], 0, strripos($_SERVER['SCRIPT_NAME'], '/')). My regex skills sucks so I can't give you a sample using regex. But you get the idea. It's easier to get a particular app's relevant data to the URL while not hard coding the session name, eventually giving your app(s) more flexibility especially if you may have multiple URLs mapped to an app serving different purposes/clients. Regards, Tommy Forgot to mention that this assumes your app's design is MVC like with a single point entry only. Hey guys... I too once tried this, basically so that I could stop users logging in on multiple tabs, and if they did, then it would kill the previous login (or not allow them to be logged in as they would be logged in still). I had so many issues, that I abandoned it. After reading this thread, I thought I would try Tommy's suggestion about using a unique named session... so I just tried this: ?php session_name(uniqid()); session_start(); echo session_id(); ? YAY! it worked!! so then i tried this: ?php session_name(uniqid()); session_start(); $_SESSION['t_'. time()] = time(); echo session_id(); echo 'pre'; print_r($_SESSION); echo '/pre'; ? and it doesn't preserve the older session information... so I must be doing something wrong. I can assume that because the name is being regenerated new each time, that the old previous session is destroyed (which would make sense) but then how can *I* ensure that each session is going to be unique enough, but preserve old session information too? I know it has to be possible, as my bank doesn't allow multiple tabs while online banking. /sigh the joys of protecting users from themselves... Steve, The problem with uniqid() is it's based on unix timestamp, IIRC. So the session name always changes and it's impossible to figure out what's the previous session name is so how could you get the previously saved session data. That's why I suggested the session name based on URL/URI. If the app does not have a MVC like desgin, you could use a particular parameter's value to ensure that session name is valid for certain purpose. For example: http://server/training/schedules/ is different from http://server/events/schedules/. Should the person in charge of both needs to maintain them, it still could be done getting the session_name based on the url requesting. Thus, you'd be able to get the previously saved session data. Also, if the need arises, you could also get data from different sessions if the business needs requires it because you know exactly what the session name based URL is. As in the example above, the maintainer could check to ensure that the certain scheduled items wouldn't conflict each other in cases where the attendees are required to attend both :) Regards, Tommy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Different sessions, same client
[snip] ?php session_name(uniqid()); session_start(); echo session_id(); ? YAY! it worked!! so then i tried this: ?php session_name(uniqid()); session_start(); $_SESSION['t_'. time()] = time(); echo session_id(); echo 'pre'; print_r($_SESSION); echo '/pre'; ? and it doesn't preserve the older session information... so I must be doing something wrong. I can assume that because the name is being regenerated new each time, that the old previous session is destroyed (which would make sense) but then how can *I* ensure that each session is going to be unique enough, but preserve old session information too? I know it has to be possible, as my bank doesn't allow multiple tabs while online banking. /sigh the joys of protecting users from themselves... Hello, What seems to be missing from this thread is talk about the root of the problem. You would never want to create the same cookie name for alike web-apps for the very reason Paul has discovered. Session_name works because it changes the name of the PHP session cookie. This is important for CMS builders, Forum builders, or other app builders etc.. Paul mentions: Storing any sort of login/auth data in cookies has regularly been panned on this list. The preference seems to be to store whatever login/auth information *must* be stored in the $_SESSION variable. Well, there are only 2 ways that I know of to retain *state* in a web app (no matter what web server-side language you are working with), which are cookies or passing a variable in all links... so I would re-phrase Paul's statement above to say, to retain state, there is *always* some reference to login data (whether direct or indirect (encrypted)), but right, it's not a good idea to store AUTH info. Extending Tedd's suggestion, Instead of a unique ID for a session name (most often session *cookie*), I really prefer a hash of something that results in a recognizable cookie name over something random. In my opinion only, it is a bit shady to create a cookie that is unrecognizable. At the least, when I am managing my own cookies, I will delete wierd cookie names. What I usually do for sessions is create a cookie name that is based on the domain, and also lists the word session... so a format something like: domain_session A format such as above lets the user know right away where the cookie comes from and what it does. I would post code, but I haven't written the hash in PHP yet. One last note about this hash, I always include a default to the IP address in the case of development, or if the site does not have a domain name. Oh, and one last last note, Accessing a web app with localhost does not work well with cookies either.. so in my hash, I redirect those who access my app from localhost to the localhost IP (127.0.0.1) right away. I know that last part is a bit complicated, but I help write the hash if the list is interested. I was really surprised to find no mention of this on the PHP's examples of sessions. Sorry for the long post! Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Different sessions, same client
-Original Message- From: Donovan Brooke [mailto:li...@euca.us] Sent: Monday, January 24, 2011 7:49 AM Cc: php-general@lists.php.net Subject: Re: [PHP] Different sessions, same client [snip] ?php session_name(uniqid()); session_start(); echo session_id(); ? YAY! it worked!! so then i tried this: ?php session_name(uniqid()); session_start(); $_SESSION['t_'. time()] = time(); echo session_id(); echo 'pre'; print_r($_SESSION); echo '/pre'; ? and it doesn't preserve the older session information... so I must be doing something wrong. I can assume that because the name is being regenerated new each time, that the old previous session is destroyed (which would make sense) but then how can *I* ensure that each session is going to be unique enough, but preserve old session information too? I know it has to be possible, as my bank doesn't allow multiple tabs while online banking. /sigh the joys of protecting users from themselves... Hello, What seems to be missing from this thread is talk about the root of the problem. You would never want to create the same cookie name for alike web-apps for the very reason Paul has discovered. Session_name works because it changes the name of the PHP session cookie. This is important for CMS builders, Forum builders, or other app builders etc.. That's exactly part of the 1st point of 3 points I've described in another thread. We don't exactly know the current/future requirements of the business, the different apps being used, who developed those apps, in what way are each app's data need be interconnected/shared, etc. So we can only give suggestions based on limited info disclosure for whatever the reason maybe, perhaps security or something else. Regards, Tommy Paul mentions: Storing any sort of login/auth data in cookies has regularly been panned on this list. The preference seems to be to store whatever login/auth information *must* be stored in the $_SESSION variable. Well, there are only 2 ways that I know of to retain *state* in a web app (no matter what web server-side language you are working with), which are cookies or passing a variable in all links... so I would re-phrase Paul's statement above to say, to retain state, there is *always* some reference to login data (whether direct or indirect (encrypted)), but right, it's not a good idea to store AUTH info. Extending Tedd's suggestion, Instead of a unique ID for a session name (most often session *cookie*), I really prefer a hash of something that results in a recognizable cookie name over something random. In my opinion only, it is a bit shady to create a cookie that is unrecognizable. At the least, when I am managing my own cookies, I will delete wierd cookie names. What I usually do for sessions is create a cookie name that is based on the domain, and also lists the word session... so a format something like: domain_session A format such as above lets the user know right away where the cookie comes from and what it does. I would post code, but I haven't written the hash in PHP yet. One last note about this hash, I always include a default to the IP address in the case of development, or if the site does not have a domain name. Oh, and one last last note, Accessing a web app with localhost does not work well with cookies either.. so in my hash, I redirect those who access my app from localhost to the localhost IP (127.0.0.1) right away. I know that last part is a bit complicated, but I help write the hash if the list is interested. I was really surprised to find no mention of this on the PHP's examples of sessions. Sorry for the long post! Donovan -- D Brooke -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Different sessions, same client
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/23/2011 07:33 AM, Paul M Foster wrote: Storing any sort of login/auth data in cookies has regularly been panned on this list. The preference seems to be to store whatever login/auth information *must* be stored in the $_SESSION variable. Well and good. My problem, however, is that I have multiple applications in different tabs running on the same server, which may all use the same sub-variables, like username. As a result, they run into each other. One application will think I'm logged in when I'm not logged in to that application, but to another in the same browser on the same box. So my question is how to prevent this using the standard PHP functions relating to sessions. I'd like different applications in different tabs on the same box/browser to have different sessions, so they don't share data. Thoughts? Paul Using session_name will allow you to run two different sessions in the same browser. session_name('app1'); session_start(); -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJNO+TpAAoJEMffsHAOnubXzHYQAI86mjCR49uWTPYweFim9e+K EtU4KnFfXkQj+Qp0YYjjuiAW0muRywbjKkwuAmw7fO/v9DrbGILAvnneNX7OR9cM TBh66J6anuLB3UmItrmFqP2VKgWaLG7KHf0wExfv3duzJkRqp5Y8NQG1Ep8aXA0U 8N2VHQ1ki9ukHeIWcPI4l5558j0NE/5BsiWgJIgTC/CovDjdNYln9vszkmFw0g2G vJore2V3OIBcmLhqpcITSNK4FcaNWIKnrRWnlCgoAzA1WUCQXnmv0nJMZ0P9xtzk iYt2lkBvlGEJ8lnZoAo83XRsQ1oI6vLFwf5xDkI4OGnAsOIzmX3RzStxXyz9o5th VyIHtj8R40Rk6eI6L5xE4w1l58JTFMPdgaFk5Ku/v8i8UGDWjWHC0Qhob14w+H32 RQUtx9dBsYKYT9ZHIkxAQYDc9nTdgajRzo0ONqmzPTS9Qb7NTcjiC9pb1bHBjubA M4zJnyO5N7IUy0FmMyS7PG8saCgJDSYj+stvoCC9Kd0eDRBKs+M5cRLpnXem/Yf8 KG+clIe5+7X9l1TC7uT84HxZYSZCcuwuvRyBUIZknagyREQvLhaFX1OPZ/vk3n6S j7k77oFpcCRjkPVKZeUqFAENEY1J7p6DBEkTz9gRkA+islnSIt8rjz+0wYYg0goy b3C3ThlftPWwcOBuRQOP =ZBm8 -END PGP SIGNATURE- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Different sessions, same client
On Sun, 2011-01-23 at 09:21 +0100, Thijs Lensselink wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/23/2011 07:33 AM, Paul M Foster wrote: Storing any sort of login/auth data in cookies has regularly been panned on this list. The preference seems to be to store whatever login/auth information *must* be stored in the $_SESSION variable. Well and good. My problem, however, is that I have multiple applications in different tabs running on the same server, which may all use the same sub-variables, like username. As a result, they run into each other. One application will think I'm logged in when I'm not logged in to that application, but to another in the same browser on the same box. So my question is how to prevent this using the standard PHP functions relating to sessions. I'd like different applications in different tabs on the same box/browser to have different sessions, so they don't share data. Thoughts? Paul Using session_name will allow you to run two different sessions in the same browser. session_name('app1'); session_start(); -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJNO+TpAAoJEMffsHAOnubXzHYQAI86mjCR49uWTPYweFim9e+K EtU4KnFfXkQj+Qp0YYjjuiAW0muRywbjKkwuAmw7fO/v9DrbGILAvnneNX7OR9cM TBh66J6anuLB3UmItrmFqP2VKgWaLG7KHf0wExfv3duzJkRqp5Y8NQG1Ep8aXA0U 8N2VHQ1ki9ukHeIWcPI4l5558j0NE/5BsiWgJIgTC/CovDjdNYln9vszkmFw0g2G vJore2V3OIBcmLhqpcITSNK4FcaNWIKnrRWnlCgoAzA1WUCQXnmv0nJMZ0P9xtzk iYt2lkBvlGEJ8lnZoAo83XRsQ1oI6vLFwf5xDkI4OGnAsOIzmX3RzStxXyz9o5th VyIHtj8R40Rk6eI6L5xE4w1l58JTFMPdgaFk5Ku/v8i8UGDWjWHC0Qhob14w+H32 RQUtx9dBsYKYT9ZHIkxAQYDc9nTdgajRzo0ONqmzPTS9Qb7NTcjiC9pb1bHBjubA M4zJnyO5N7IUy0FmMyS7PG8saCgJDSYj+stvoCC9Kd0eDRBKs+M5cRLpnXem/Yf8 KG+clIe5+7X9l1TC7uT84HxZYSZCcuwuvRyBUIZknagyREQvLhaFX1OPZ/vk3n6S j7k77oFpcCRjkPVKZeUqFAENEY1J7p6DBEkTz9gRkA+islnSIt8rjz+0wYYg0goy b3C3ThlftPWwcOBuRQOP =ZBm8 -END PGP SIGNATURE- You can of course use arrays in your session as well: $_SESSION['app_name'] = Array( 'username' = 'John', 'user_id' = 1234, 'some other info' = 'another string', ); I use this on my localhost sometimes, as it can be easier running tests and stuff than having to create a whole new host entry for it in my config files! Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Different sessions, same client
At 11:02 AM + 1/23/11, Ashley Sheridan wrote: On Sun, 2011-01-23 at 09:21 +0100, Thijs Lensselink wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/23/2011 07:33 AM, Paul M Foster wrote: Storing any sort of login/auth data in cookies has regularly been panned on this list. The preference seems to be to store whatever login/auth information *must* be stored in the $_SESSION variable. Well and good. My problem, however, is that I have multiple applications in different tabs running on the same server, which may all use the same sub-variables, like username. As a result, they run into each other. One application will think I'm logged in when I'm not logged in to that application, but to another in the same browser on the same box. So my question is how to prevent this using the standard PHP functions relating to sessions. I'd like different applications in different tabs on the same box/browser to have different sessions, so they don't share data. Thoughts? Paul You can of course use arrays in your session as well: $_SESSION['app_name'] = Array( 'username' = 'John', 'user_id' = 1234, 'some other info' = 'another string', ); I use this on my localhost sometimes, as it can be easier running tests and stuff than having to create a whole new host entry for it in my config files! Thanks, Ash Paul: Ash's method is a good one. You might also consider using uniqid() to create a unique ID for your users and then use that ID for determining which user is which instead of using username. Cheers, tedd -- --- http://sperling.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Different sessions, same client
On Sun, Jan 23, 2011 at 11:45:30AM -0500, tedd wrote: At 11:02 AM + 1/23/11, Ashley Sheridan wrote: On Sun, 2011-01-23 at 09:21 +0100, Thijs Lensselink wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/23/2011 07:33 AM, Paul M Foster wrote: Storing any sort of login/auth data in cookies has regularly been panned on this list. The preference seems to be to store whatever login/auth information *must* be stored in the $_SESSION variable. Well and good. My problem, however, is that I have multiple applications in different tabs running on the same server, which may all use the same sub-variables, like username. As a result, they run into each other. One application will think I'm logged in when I'm not logged in to that application, but to another in the same browser on the same box. So my question is how to prevent this using the standard PHP functions relating to sessions. I'd like different applications in different tabs on the same box/browser to have different sessions, so they don't share data. Thoughts? Paul You can of course use arrays in your session as well: $_SESSION['app_name'] = Array( 'username' = 'John', 'user_id' = 1234, 'some other info' = 'another string', ); I use this on my localhost sometimes, as it can be easier running tests and stuff than having to create a whole new host entry for it in my config files! Thanks, Ash Paul: Ash's method is a good one. You might also consider using uniqid() to create a unique ID for your users and then use that ID for determining which user is which instead of using username. Here's the problem: using Ash's method, it appears that all sessions running on a given browser (different tabs) will be able to see all the values from the other sessions. I may only *use* the values for my payroll app, but I can also *see* the values for my customer app as well. The session_name() suggestion from the prior poster appears to force PHP to issue a separate session ID for each application/tab. This way, the each application/tab only sees the values applicable to it. This actually takes on greater importance, in that I tend to put error messages in the SESSION variable for display at the next page load. When all the applications share the same session cookie, the error messages tend to show up in the wrong applications. So I need each application to see a different session, if possible. Paul -- Paul M. Foster http://noferblatz.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Different sessions, same client
-Original Message- From: Thijs Lensselink [mailto:d...@lenss.nl] Sent: Sunday, January 23, 2011 12:21 AM To: php-general@lists.php.net Subject: Re: [PHP] Different sessions, same client -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/23/2011 07:33 AM, Paul M Foster wrote: Storing any sort of login/auth data in cookies has regularly been panned on this list. The preference seems to be to store whatever login/auth information *must* be stored in the $_SESSION variable. Well and good. My problem, however, is that I have multiple applications in different tabs running on the same server, which may all use the same sub-variables, like username. As a result, they run into each other. One application will think I'm logged in when I'm not logged in to that application, but to another in the same browser on the same box. So my question is how to prevent this using the standard PHP functions relating to sessions. I'd like different applications in different tabs on the same box/browser to have different sessions, so they don't share data. Thoughts? Paul Using session_name will allow you to run two different sessions in the same browser. session_name('app1'); session_start(); Paul, I'd would go with session_name($_SERVER['SCRIPT_NAME']) or session_name(substr($_SERVER['SCRIPT_NAME'], 0, strripos($_SERVER['SCRIPT_NAME'], '/')). My regex skills sucks so I can't give you a sample using regex. But you get the idea. It's easier to get a particular app's relevant data to the URL while not hard coding the session name, eventually giving your app(s) more flexibility especially if you may have multiple URLs mapped to an app serving different purposes/clients. Regards, Tommy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Different sessions, same client
-Original Message- From: Tommy Pham [mailto:tommy...@gmail.com] Sent: Sunday, January 23, 2011 5:23 PM To: 'Paul M Foster' Cc: 'php-general@lists.php.net'; 'Thijs Lensselink' Subject: RE: [PHP] Different sessions, same client -Original Message- From: Thijs Lensselink [mailto:d...@lenss.nl] Sent: Sunday, January 23, 2011 12:21 AM To: php-general@lists.php.net Subject: Re: [PHP] Different sessions, same client -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/23/2011 07:33 AM, Paul M Foster wrote: Storing any sort of login/auth data in cookies has regularly been panned on this list. The preference seems to be to store whatever login/auth information *must* be stored in the $_SESSION variable. Well and good. My problem, however, is that I have multiple applications in different tabs running on the same server, which may all use the same sub-variables, like username. As a result, they run into each other. One application will think I'm logged in when I'm not logged in to that application, but to another in the same browser on the same box. So my question is how to prevent this using the standard PHP functions relating to sessions. I'd like different applications in different tabs on the same box/browser to have different sessions, so they don't share data. Thoughts? Paul Using session_name will allow you to run two different sessions in the same browser. session_name('app1'); session_start(); Paul, I'd would go with session_name($_SERVER['SCRIPT_NAME']) or session_name(substr($_SERVER['SCRIPT_NAME'], 0, strripos($_SERVER['SCRIPT_NAME'], '/')). My regex skills sucks so I can't give you a sample using regex. But you get the idea. It's easier to get a particular app's relevant data to the URL while not hard coding the session name, eventually giving your app(s) more flexibility especially if you may have multiple URLs mapped to an app serving different purposes/clients. Regards, Tommy Forgot to mention that this assumes your app's design is MVC like with a single point entry only. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php