Session Problems

abromfield

Hello,

I'm having a problem with my session handling script. Here's the situation:

1.) Users come to my site and are asked to login using their credentials.

2.) The user enters their credentials into textboxes, which are located on the index.php page. The user presses the submit button and the textbox values are posted back to the index.php page. <form method=post action='index.php'>)

2.) The credentials are authenticated against a mySQL database and a session variable is created:

$query = "select * from members "
."where UserName='$userid' "
." and Password='$password'";
$result = mysql_query($query, $db_conn);
if (mysql_num_rows($result) >0 )
{
// if they are in the database register the user id
$valid_user = $userid;
session_register("valid_user");

4.) Once authenticated, the textboxes are removed and a menu is presented on the index.php page. One of the menu items displayed on the index page is "Documentation".

5.) The user clicks on the "Documentation" link, which transfers them to the documents.php page. The documents.php page starts by checking if a session varible exists:

<?
session_start();
// check session variable

if (session_is_registered("valid_user"))
{
?>
<html>
<head>
<title>Documentation</title>..........

The documents.php page will always load correctly if the user was authenticated.

6.) It's in this next step where I am experiencing the problem. When the user click's on any of the document links contained on the documents.php page they will receive a message (I wrote), indicating that the page they're trying to load is for members only, therefore they'll need to log into the site to view the page.

For some reason the session gets destroyed between the documents.php page (which checks to see if the a session variable exists) and the pages that are linked to the documents.php page.

The STRANGE part is that it works perfectly the second time you log into the site...every time!. Is this problem caused by my ISP, or my script that checks to see if a session variable is registered for the user:

<?
session_start();
// check session variable

if (session_is_registered("valid_user"))
{
?>
<html>
<head>
<title>Documentation</title>.......

Why does it always work the second time I log into the site, but never the first time? I've tried logging in from several different machines at various locations, and the result is always the same.

PLEASE HELP ME!

Thanks,

Andrew