The preferred way of doing sessions now is to use the $_SESSION super global variable.

Also just a quick note. RFC's say you are suppose to do a RQDN in a "Location" header. Relitive urls (like your example) work in every browser that I've checked but it's not spec...

Also I have had problems with sessions when using Stronghold (A commercial line of Apache). Not sure if that's your problem but thought I'd mention since I had many a late night until I figured that one out.

This should work for you:

index.php
<?
session_start;

if ($_SESSION['Ustat']!= 1){
THE Form where login name and password are entered
/* when i submit this form it goes to verify.php */
}
else { Welcome message and Logout link }
?>

verify.php
<?
if username and password are present in database then
session_start();
$_SESSION['Ustat']=1;
header("location: ./index.php");
?>

THanks i did solve my problem using the same code i had, but put the session_open() and session_register() at top fo file and now it works fine. I will try ur suggestion too thanks again

Hey daisho

I tried ur suggestion but for some reason it doesn't work unless i put session_register("Ustat") before if ($_SESSION['Ustat']!= 1) in index.php. Don't know why couldn't figure it out

What version of PHP are you running? The global $_SESSION array should not require the use of session_register.

my php version is 2.2.0 / webserver apache; One more problem i forgot to mention i tried to block cookies in my browser and test it. I realized that the links all got the session id number which is supposed to be that way but the test so that the page shows the welcome message and the logout link fails for some reason and i get the login and password thing back. any opinion on that? THank you

2.2.0 is most likely not your PHPversion. Write a little script like:

<? phpinfo();?>

That will tell you your PHP version and lots of other good informatin about your PHP installation.

Regarding the URL it's because of your redirect. PHP didn't realize what you were doing and could not rewrite the URL. Your should change:

header("location: ./index.php");

to

header("Location: [${_SERVER['HTTP_HOST']}...]
.dirname($_SERVER['PHP_SELF']).
"/index.php?"
.SID);

The first part is what I talked about before. It just gives you your FQDN. The last part "SID" is a define. If PHP sees that cookies are off it will be populated with "PHPSESSID=XXXXX" or whatever it should be. If cookies are on the SID I believe is simply blank. That way you will not loose the session.

THanks for the help you are right i made that change and it started working fine. One more question though now when i block my cookies in the browser the verify.php page is not reached. It writes the url but says the page not found, that is ofcourse when i put a username and password and submit. I can't figure out why?

NeverMind man i got it, my mistake , thanks anyways