It only looks like this, but PHP behaves exactly like you tell it too :-)
in "user_auth.php"
in the first 3 lines you explity set the user name and password from post_vars.
If the link is followed later the post_vars are empty, you overwrite _SESSION['user'] with an empty string.
You should implement some beter session handling:
in user_auth.php (this is pseudo code and will likely not work exactly in this this way) :
Code:
if ($_SESSION['activated'] == false) {
$_SESSION['user']=$_POST['user_name'];
$_SESSION['passwd']=$_POST['password'];
$link=mysql_connect("localhost",$_SESSION['user'],$_SESSION['passwd'])
or die("Can not connect. Check user name and password.");
$_SESSION['activated']=true;
}
Here the session user will be set once if succselful.
Once it has been set, it cannot be unset.
So you will need something like "logout.php"
Code:
$_SESSION['activated'] = false;
echo "Logout, sucsefull, to use mysql, please login again";
Happy hacking.