Your code has:
isset($_GET['enewsval'])
but your failed validation adds "val" to the url and not "enewsval"... you would have to update that to:
isset($_GET['val']) to match the redirect on line 8.
The issue with the session is that you are redirecting after the update, which would cause the session to never be set because it appears after the update code. Just move the save session code above the update code and it should fix that problem.