Running into a slight buggy problem here..

I'm trying to setup and use session variables for this application. When a user logs in, I'd like to register a userID session variable and an authenticated session variable. I'd then like to use these variables throughout the site.

When a user submits their username and password to portal.php, It calls a function that attempts to authenticate the username and password. If successful, it should setup to session variables.

the format looks like this:

function auth($username, $password) {
GLOBAL $s_userID, $s_AUTH;

// Grab user info from database, if its all good do the following:
unset($s_userID, $s_AUTH);
session_register('s_userID');
session_register('s_AUTH');
// Here's where I tried different things
// Option a)
$GLOBALS['s_userID'] = // userid from db
$GLOBALS['s_AUTH'] = true;
// Option b)
$HTTP_SESSION_VARS["s_userID"] = // userid from db
$HTTP_SESSION_VARS["s_AUTH"] = true;
return true; // if authenticated
}

Then, in my portal page.. i had something like
if (auth($username, $password)) {
Header("Location: somewhere");
} else {
// not authenticated
}

The problem here in lies with where i go after the header is sent.

1) If I use HTTP_SESSION_VARS, $HTTP_SESSION_VARS["s_userID"] will not hold its value where "somewhere" is in the header redirection.

I believe this is because register_globals is actived in my php.ini...(read about problems here in php.net) ...

Is there anyway I can reference these variables safely (preferably using $HTTP_SESSION_VARS instead of GLOBALS throughout my pages? I constantly have to check session_is_registered("s_AUTH") to make sure the GLOBALS didn't come from somewhere other than the session variable.

Anyone run into this same problem?