Some help wtih sessions

[Armed Rebel]

I'm testing a login system.Registration is perfect.Login is perfect. (The code was given to me, but I understand it, except the session part)Anyway, I need to know how to make a user stay logged in if he goes to an other page. (The whole point of this test, is to have a user register, login and edit their details, which can be viewed. Anyone can register if they wish, but it doesn't do anything apart from being able to log in).How can I do this?Also, how can I have a list that shows users that are logged in?Here is my login code:

{connection}<html><head><title>Login Test Login</title></head><body><form action="" method="post">Username: <input name="username" type="text" maxlength="20" value="<? echo $_POST['username']; ?>" /><br />Password: <input name="password" type="password" maxlength="16" value="<? echo $_POST['password']; ?>" /><br /><input type="checkbox" name="auth_retention" /> Stay Logged In?<br /><input type="submit" value="Login" name="submit" /></form></body></html><?if ($HTTP_POST_VARS['submit']){	$un = $_POST['username'];	$ip = $_SERVER['REMOTE_ADDR'];	$pass = $_POST['password'];	$authretention = $_POST['auth_retention'];		if ($un)	{  if (eregi("&", $un)==1)  {  	echo "<hr><br />DEBUG: request incorrectly received. Username/Password Invalid.";	  	exit;  }    if ($un == "")  {  	echo "<hr><br />DEBUG: request incorrectly received. You must enter a username.";	  	exit;  }    if ($pass == "")  {  	echo "<hr><br />DEBUG: request incorrectly received. You must enter a password.";	  	exit;  }    $sql="SELECT * FROM users WHERE username='$un'";  $result=mysql_query($sql);  $checkres=mysql_num_rows($result);	  if ($checkres == 0)  {  	echo "<hr><br />DEBUG: request incorrectly received. Username doesn't exist! To register, <a href=register.php>click here</a>";	  	exit;  }	}		if ((strlen($un)>20) || (strlen($un)<3))  {  	echo "<hr><br />DEBUG: request incorrectly received. Usernames must be between 3 and 20 characters!";  	exit;  }	if ((strlen($pass)>16) || (strlen($pass)<3))  {  	echo "<hr><br />DEBUG: request incorrectly received. Passwords must be between 3 and 16 characters!";  	exit;  }	else	{  $pass = md5($HTTP_POST_VARS['password']);  echo "<hr><br />DEBUG: request properly received. ATTEMPTING TO LOGIN<br /><br /> UN: " . $un . "<br />PW: " . $pass . " (MD5 HASH) <br />IP: " . $ip . "<br />Tag Date: " . $date;  $sql="SELECT * FROM users WHERE username='$un' AND password='$pass'";  $result=mysql_query($sql);  $checkres=mysql_num_rows($result);    if ($checkres == 0)  {  	echo "<hr><br />DEBUG: request incorrectly received. Username/Password Invalid.";	  }  else  {  while ($myrow=mysql_fetch_array($result))  {  	$_SESSION['username'] = $myrow['username'];  	$_SESSION['password'] = $myrow['password'];  	$_SESSION['uid'] = $myrow['uid'];  	$_SESSION['authver'] = 1;  	  	$cookieauthname = $myrow['username'];  	$cookieauthpass = $myrow['password'];  }    if ($authretention)  {  	setcookie('userpermaauth', $cookieauthname, time() + 60 * 60 * 24 * 30);  	setcookie('passpermaauth', $cookieauthpass, time() + 60 * 60 * 24 * 30);  	ob_end_flush();  }    echo "<hr><br />Authed as: " . $_SESSION['username'] . " Please wait while we forward you...    ";	}}}?>

[Armed Rebel]

Anyone?