User has to log in twice - please help


I am having an issue in IE8 where the user has to log in twice to get access to a restricted zone.

It used to happen in Firefox 4, but seems to have gone now with the update.

Can anyone let me know why this is happening please?

Any help greatly appreciated.

<div id="login">  

<h2 class="white">Customer Login</h2>

	<div class="margin">
	<form name="login_form" method="post" action="log.php?action=login">
	Login:<br /> <input type="text" name="user"><br />
	Password: <br /><input type="password" name="pwd"><br />
    <p class="submit">
	<input type="submit" value="Submit" name="submit" class="submit" />
    <p>Not registered? <br />If you are a customer please <a href="register.html" class="links">Register</a></p>


	$hostname = "my_ip";
	$username = "username";
	$password = "pass";
	$database = "db";

	$link = MYSQL_CONNECT($hostname,$username,$password);


if($_GET['action'] == "login") {
$conn = mysql_connect("my_ip","db","pass");
$db = mysql_select_db("db"); //Your database name goes in this field.
$name = $_POST['user'];
$q_user = mysql_query("SELECT * FROM customer WHERE username='$name'");


               $insert_query = ("INSERT INTO login(username) VALUES ('$name');");
               mysql_query($insert_query) or die('Error, insert query failed');


if(mysql_num_rows($q_user) == 1) {

$query = mysql_query("SELECT * FROM customer WHERE username='$name'");
$data = mysql_fetch_array($query);
if($_POST['pwd'] == $data['password']) {
header("Location:"); // This is the page that you want to open if the user successfully logs in to your website.
} else {
header("Location: login.php?login=failed&cause=".urlencode('Wrong Password'));
} else {
header("Location: login.php?login=failed&cause=".urlencode('Invalid User'));

// if the session is not registered
if(session_is_registered("name") == false) {
header("Location: login.php");

first impulse is to say ‘dont use session_register’ (deprecated). Same goes for session_is_registered. replace with $_SESSION[‘name’] = $data[‘username’] or whatever your field is called, and if(!isset($_SESSION[‘name’]))

second impulse is to say dont use the header for successful logins. You’re already including this file in every pageload. You want them to see log.php when they log in, so dont redirect them anywhere.

Yeah, I’m with Starlion on this – my question would be why all the redirects when you could just do an include instead. That’s really not a great way of building a site – if for no other reason than the extra handshake involved for nothing.

Seems needlessly complex for something simple.