loki_racer

Try this. I think that header() won't let you use variables inside its ( ). [code] <?php if(isset($_POST['submit']) && $_POST['submit'] == 'Submit') //if form has been submitted {     $denied = "";     $name = $_POST['name'];     $pass = $_POST['pass'];     if ($name == "Heba" &&  $pass == "123")     {         header("Location: Warehouse_Services_Operations_System/main.php"); /* Redirect browser */         exit;                     }     else {         $denied = "Sorry. You are not authorized to access this page<br>Go <a href='index.php' onclick='history.go(-1);return false'> Back </a>";     } } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>SYS</title> . . . . ... . . . . . . <body> <?php if(!empty($denied)) { echo $denied; } ?> . . ... . . . . . . . </body> </html> [/code]

If you have a file called include.php that has [code]<? session_start(); ?>[/code] and a page called index.php that has [code]<? include('include.php'); ?>[/code] Then the session would be started by index.php

An easy way to avoid this is force a redirect after the form information has been submitted to the database via: [code]header("Location: nextpage.php");[/code] This will make it so that when someone uses the back button to return to the form, it will be the blank version.