Hi, I'm seeing a difficult to understand error that looks like a threading issue. My application 1. Takes data from an anonymous user (node add). 2. Creates a filename based on an md5 of a secret, the endusers email, and time() 3. Saves data to the file 4. Sends an email to user with a link to the file created 5. Displays a "complete" page that has the link to the file. Operations 2 and 3 happen within a single procedure The filename is determined thusly: $filename = md5($conf['myapp_secret_salt'] + $form_state['values']['Qualifyers']['Email'] + time()); Then I prepare data and write the file, then stash the filename in $_SESSION (for use later) $_SESSION['myapp']['filename'] = $filename; $_SESSION['myapp']['UserRegFormUrl'] = $params['filenameurl']; setcookie('myapp:filename', $filename); // this is somewhat of a hack to trap errors - see below. drupal_mail('myapp', 'notify', $form_state['values']['AdditionalQs']['Email'], NULL, $params, NULL, TRUE); myapp_mail receives the filename from $params above, prepares and sends an email with a link to the file to the end-user. In step 1 above in the form I: $form['#redirect'] = 'registration/complete'; The node at registration/complete has some php in it that fetches the global variables (with the filename) and outputs a link to the file in the browser. So that is the whole process. The problem I'm having is that some users are being pointed to files that belong to other users. I believe this is happening both in the email as well as on the registration/complete form. Some people have reported receiving links to files that were for another user. Also I put some trap code in the registration/complete form. The form fetches the filename from $_SESSION and compares it to the filename in the cookie - if they don't match it errors. That code is being tripped. I looked at recent occurrence of the error and the two nodes involved (one for each of the users) had exactly the same time created timestamp. My assumptions have been: - Anonymous sessions are tied to a particular connection and data in $_SESSION is not shared. - PHP procedures are threadsafe I'm running PHP 5 on Red Hat. What am I doing wrong? Thanks, Dan