Issues with multiple sessions being stored for the same user

[ga2arch]

I am having issues whereby the same user is generating two session files. I started to log these in the database so I could see what was going on. I am curious to know whether this stems from setting sessions in a class or whether there is some programing faux pas behind this. Below are both sessions from my computer generated within a minute of each other:\[code\]session_id session_datakfmj13vi5o538mvi57at8th0n2 useradd|s:10:"xx.xx.62.69";redirect|s:10:"/index.php";3bb0fkisndf3u0o1l3195iclh2 UID|s:1:"1";USERNAME|s:9:"kalpaitch";\[/code\]Sometimes (not always) when a user logs in, the class responsible for adding the 'UID' and 'USERNAME' to the session seems to create a new session entirely (as above) and therefore the page does not register the user as having logged in.This is a script someone else wrote, with the following path =>loginform.php posts to validate.php which calls the method below.\[code\]function validateUser($username,$password, $redirect){ $password=md5($password); if(get_magic_quotes_gpc()){ $username = stripslashes($username); $password = stripslashes($password); } $sql = "SELECT id,username,password FROM users WHERE username='" . mysql_real_escape_string($username) . "' AND password='" . mysql_real_escape_string($password) . "' AND status='1' and verified=1"; $result=mysql_query($sql); $row = mysql_fetch_array($result); if ($row["id"]){ session_start(); $_SESSION["UID"] = $row["id"]; $_SESSION["USERNAME"]=$row["username"]; header("location: http://www.xxx.com".$redirect); }else{ unset($_SESSION["UID"]); unset($_SESSION["USERNAME"]); $sql = "select id,username,password from user where username='" . mysql_real_escape_string($username) . "' and password='" . mysql_real_escape_string($password) . "' and status='1' and verified=0"; $result=mysql_query($sql); $row = mysql_fetch_array($result); if ($row["id"]){ $_SESSION['login'] = 'Verify your account by email'; header("location: http://www.xxx.com".$redirect); }else{ $_SESSION['login'] = 'Incorrect username or password'; header("location: http://www.xxx.com".$redirect); } } }\[/code\]