code ignoring valid session from earlier successful login

Question

I have a login script that when successful, should check to see if the session exists, if not, display login form, once posted, authenticate, if successful, set session.

After I successfully post the form, and it binds successfully, then go back to the page, it completely ignores the session and displays the login page.

I don't know what I am doing wrong, do I have the conditionals in the wrong order? Should I be looking for the session before testing to see if the form was posted?

<?
session_start();

// using ldap bind
if(isset($_POST['username']) && isset($_POST['password'])) {
    $username = $_POST['username'];
    $password = $_POST['password'];  // associated password

    // connect to ldap server
    $ldapconn = ldap_connect("ldap://ldap.server")
        or die("Could not connect to LDAP server.");

    if ($ldapconn) {
        // binding to ldap server
        $ldapbind = ldap_bind($ldapconn,$username,$password);
        // verify binding
        if ($ldapbind) {
            echo "LDAP bind successful...";
            $_SESSION['valid_username'] = $username; 
        } else {
            echo "LDAP bind failed...";
        }
    }
} else {

    if(isset($HTTP_SESSION_VARS['valid_username'])) {
        print 'you are logged in - congrats';
    } else {
    ?>
    <h1>Login</h1>
    <form method="post" action="<?=$_SERVER["PHP_SELF"]?>">
        <p>username: <input type="text" name="username" /><br />
            password: <input type="password" name="password" /></p>
            <p><input type="submit" name="submit" value="submit" /></p>
    </form><?
    }
}
?>

Answer 1

try using $_SESSION instead of $HTTP_SESSION_VARS when checking the session.