php sessions and IE4/5

[mrjamin]

Yo,

i've been using sessions in PHP for a little while now, and recently tried to log into a site i made that used sessions to maintain logins etc, and it was doing weird stuff in IE4. It seemed that it created the session, but the session wasn't carried accross pages. Any known issues? Here's the code i used:

PHP Code:

session_start();
require('dbconnect.inc.php');
require('functions.inc.php');
if(isset($_POST['Submit'])){
    $sql = "SELECT * FROM `users` WHERE `username` = '$_POST[username]' AND `password` = '".crypt($_POST['password'],"salt")."' LIMIT 1";
    $result = mysql_query($sql);
    if(mysql_num_rows($result) == 1){
        $_SESSION['username'] = $_POST['username'];
        $_SESSION['login'] = time();
        $_SESSION['admin'] = true;
        if(mysql_result($result,0,superuser) == 1){
            $_SESSION['superuser'] = true;
            $append = yes;
        }
        header("Location: admin/index.php?$append");
        $sql = "UPDATE `users` SET `lastlogin` = UNIX_TIMESTAMP() WHERE `username` = '$_POST[username]' AND `password` = '".crypt($_POST[password],"salt")."'";
        mysql_query($sql);
    } else {
        $badlogin = true;
    }
} elseif(isset($_SESSION['username']) && $_SESSION['login'] < strtotime("-10 minute",time())){
    $expired = true;
    session_destroy();
} 


Any idea why IE4 didn't like this? Once logged in, it successfully redirected you to the protected area, but then the headers in the protected area pages redirected the user back to an "access denied" page, as though the session wasn't carried on. Any tips would be appreciated.

Here's the sessions code of each protected page:

PHP Code:

session_start();
if(!isset($_SESSION['username']) || !isset($_SESSION['login']) || !isset($_SESSION['admin'])){
    header("Location: ../denied.php");
} else {
    if($_SESSION['login'] < strtotime("-10 minute",time())){
        header("Location: ../adminlogin.php");
    } else {
        $_SESSION['login'] = time();
    }
}