Let's talk for a minute about scoping of variables. Let's say that you have, oh I don't know, a fairly complex billing web app. An administrator logs in, selects a customer, bills time for that customer, and goes on his/her merry way. No problem, right? Well, let's say (strictly for the sake of argument, mind you), that you were storing the unique id of the customer as you were working with them like this:

== Module modReports

End Module ==

What this means is that the value for g_iCustomerID is now both Public and Global, which means that any class, function, etc. can access that value, *regardless of who is accessing*. Here's what can happen:

# User A logs in and picks a customer. g_iCustomerID is now set to a value, say 132. # While User A is still logged in, User B also logs in. The default edit page tries to be clever and sees if there's a value stored in g_iCustomerID, so you can bop around the site, and still maintain which user you've selected. So, since g_iCustomerID has a value of 132, the application assumes that User B selected it, and loads all the data for Customer #132.

You can see how this could be A Bad Thing(tm). The solution is to go around and do a global search-and-replace on every occurance of this variable, and substitue a session-level variable instead. Of course, g_iCustomerID is just one of about 10 other variables that are being stored globally that shouldn't be. Grrrrr.