well, yeah, on the
<?php
if (!session_id()) session_start();
if($_SESSION["standbyClassID"] < '1') {
$_SESSION["standbyClassID"] = "".((isset($_POST["classid"]))?$_POST["classid"]:"") ."";
}
if (!session_id()) session_start();
if($_SESSION["standbyInstanceID"] < '1') {
$_SESSION["standbyInstanceID"] = "".((isset($_POST["inid"]))?$_POST["inid"]:"") ."";
}
?>
<?php
if (!WA_Auth_RulePasses("Logged in to customers")){
WA_Auth_RestrictAccess("customer_login.php");
}
?>
on the standby confirm page, you have the the restrict access behavior just after the set session variable behavior.
this will force the redirect to the login page if they are not logged in.
It's not possible to set the session on the login page.
form data is only available while the action page is loading. once the action page loads, or redirects to another page, the form post is destroyed.
it should still set the sessions though, since the authenticate user behavior is after the set session code.
maybe try adding this code before the authincate user code:
<?php session_commit(); ?>