inconsistent session variables.

[bennyboywonder]

ok, so I am ajaxing my website. Part of which has been to create user authentication. When I log in, javascript calls a php page which outputs xml and sets a session variable showing that the user is logged in. this works most of the time, only every so often, despite the php page showing login success, the session variable does not set, or at least refuses to read or something.

 

here is the code on the php page that is called for logging in

<?php 
case "login":
        if ($_GET['user'] && $_GET['password']) {
            $query4 = $query = "SELECT Usertype, Password FROM users WHERE Login='" . $_GET['user'] . "'";
            $result4 = mysql_query($query4) or die("Error, query failed");
            $loggedin = 0;
            if ($row4 = mysql_fetch_row($result4)) {
                $usertype = $row4[0];
                $password = $row4[1];
            }
            if ($password == $_GET['password']) $loggedin = 1;
            else $loggedin = 0;
            if ($loggedin) {
                ?>
        		<result>
        			<isloggedin>1</isloggedin>
        			<userlevel><?php echo $usertype ?></userlevel>
        			<message>Login successful</message>
        		</result>

		<?php
                $sessUser = $_GET['user'];
            } else {
                ?>
        		<result>
        			<isloggedin>0</isloggedin>
        			<userlevel>0</userlevel>
        			<message>Login failed</message>
        		</result>

		<?php }
        } else {
            ?>
		    <result>
        			<isloggedin>0</isloggedin>
        			<userlevel>0</userlevel>
        			<message>Please supply username and password</message>
        		</result>
<?php }
        break;
?>

 

I have this at the top of every page

 

<?php
session_start();
session_register("sessUser");
session_register("sessUserLevel");
if (!($sessUser)) $sessUser = "guest";

 

 

[bennyboywonder]

ooops. this is in the wrong forum