Hoping someone here may be able to help - have searched all over but no joy.

I have a PHP web application with a number of subdomains that share the app but each has its own database. A PHP script is used to get the db appropriate for the subdomain.

Using .htaccess I can successfully password protect the directory but there is a problem.

Assuming I have sub1.domain.com and sub2.domain.com

Access is restricted with a .htgroup file with "allowed: sub1user sub2user" and a .htpasswd file. All cool so far - people need to log in - it works.

HOWEVER: If a person logs in to sub1.domain.com as sub1user and then types sub2.domain.com into address bar, they get access to the other subdomain.

I can see why this happens. All users belong to the group and the group has access to the folder so once a person is in...they are in.

How can I restrict a user to their own subdomain if all the subdomains share a common folder containing the script? Is it even possible? I think mod rewrite might be the answer but I am a total noob at that.

Thanks so much in advance for any help.