Logging in problems

ok, I’m new to php, I just discovered a problem this morning and I’m not sure how to fix it, I’ll explain as best I can.

I have a member based website, that i am still building, they sign up, account gets created, stored in the db, (username, id, etc.)

now let’s say I sign in with profile #1, when logged in, it doesn’t show in the address bar, it just says profile.php, but the member address would be blah.com/profile.php?id=1

once logged in, I can see all my profile data, pic and all that stuff, but then…

I can go to the address bar, type in blah.com/profile.php?id=2 and now I am logged in to that account, and they both have different usernames and passwords, I can go back and forth between accounts just by typing the profile.php?id=whatever to gain access to other accounts.

how scary is this???

so I am trying to figure out if this is my login script?, or is it in the profile.php code?, is it the session or cookies, or both?

I’m a little stumped, I am using the real escape string for all the data, psswords are sha1 with salt…

You don’t perchance have register globals enabled do you?

I just checked to make sure, and I disabled them before, how could they have enabled again, I in now way use register global in any of my code

Can you post the part of your code where you authenticate and determine the user?

Also, it maybe worth popping this in a script and pop the result here.

<?php die('Register Globals is ' . (bool)ini_get('register_globals') ? 'enabled' : 'disabled'); ?>

I got it now, now this has got me spooked about security, although this is fixed now, I need to get my scripts secure…