sessions with cookies off

nobertos

hi,

i have session code that works with cookies on, but not with cookies off. enable_trans_sid is turned on on the server, so i thought my code should 'automatically' work and have the session id appended to any url strings when cookies are off. when i use my login page with cookies off, i get sent right back to the login screen...no session id appended to the url string, apparently no session created.

i have a login form that sends a username/password to a sessions.inc.php file, which evaluates the username/password. depending on the validity of the username/password, a few different variables are set ($show_login, $bad_login, and session variables), which are sent to a login.php page which determines whether to send the user back to the main login screen (username/pass were bad) or on to a different page (good username/pass).

what am i doing wrong?? help....

here is the sessions.inc file:

// If logging in, password will come from form and need to be checked
if (isset($POST['form_password']) && !empty($POST['form_password']) && isset($POST['form_login']) && !empty($POST['form_login'])) {
$password = $POST['form_password'];
//echo "post password = ".$password;
$login = $POST['form_login'];
//echo "post login = ".$login;
}
// If the current page doesn't contain POST data, use the session's data
else {
$password = $SESSION['password'];
//echo "session password = ".$password;
$login = $SESSION['login'];
//echo "session login = ".$login;
}

// Set up each variable we are storing
if (!isset($SESSION['session_authorized']))
$SESSION['session_authorized'] = 0;
if (!isset($SESSION['login']))
$SESSION['login'] = $login;
if (!isset($SESSION['password']))
$SESSION['password'] = $password;

// As long as variables have been set up, check password

if (isset($SESSION['session_authorized']) && !empty($SESSION['login']) && !empty($SESSION['password'])) {
open_database();
//if (password_check($login,$password)) {
if (!buyer_user_check($login)) {
$not_a_user = 1;
}
if (buyer_password_check($login, $password)) {

// Password is correct, set session variables
$SESSION['session_authorized'] = 1;

$SESSION['login'] = $login;
$SESSION['password'] = $password;
$show_login = 0;
$bad_login = 0;
} else {
$SESSION['login'] = null;
$SESSION['password'] = null;
$SESSION['session_authorized'] = null;
session_destroy();
$bad_login = 1;
}
close_database();

}
else {
$SESSION['login'] = null;
$SESSION['password'] = null;
$SESSION['session_authorized'] = null;
session_destroy();
$show_login = 1;
}

AND here is the login.php file:

if ($POST['logout'] || $GET['logout']) {
include("includes/logout.inc.php");
}

//nothing in session, user needs to log in
if ($show_login) {
include("templates/login.tmpl.php");
die;
}

//bad login, user needs to try to log in again
elseif ($bad_login) {
$not_a_user_error = $not_a_user;
include("templates/login_error.tmpl.php");
die;
}

//user has logged in successfully, go to index page
else {
$url = "index.php";
header("Location: $url");
}

thanks!!