Sessions Problem


marcus1060
12-24-2005, 10:30 PM
I'm having some problems with sessions.
They work fine on my personal computer, but once I upload them to the webserver they stop working.

This sets the session variables
<?php
include "vars.php";   // assumed to define $salt1 and $loc
$login = isset($_POST['login']) ? $_POST['login'] : '';

// Start verifying process
if ($login) {
    define("SQLAccess998", 1);
    include "database.php";
    include "login.functions.php";   // assumed to define escape()

    $username = escape($_POST['username11']);
    $password = escape($_POST['password11']);

    $passworde = $password . $salt1;
    $passworde = sha1($passworde);
    $resulta = mysql_query("SELECT authorid,username,password,lastlogin FROM users WHERE username='$username'") or die(mysql_error());
    $usernamevalid = mysql_num_rows($resulta);
    if ($usernamevalid == 1) {
        while ($rowa = mysql_fetch_array($resulta)) {

            if ($passworde === $rowa[2]) {
                $aid = $rowa[0];
                $lastlogin = $rowa[3];
                $newlogin = date("F j, Y");
                $random = rand(10000, 9999999);
                $ip = $_SERVER["REMOTE_ADDR"];
                // "or die()" belongs on the query call, not on the string assignment
                $sql = "UPDATE users SET lastlogin='$newlogin', ip='$ip',session='$random' WHERE username='$username'";
                $result = mysql_query($sql) or die(mysql_error());

                // Set session. Nothing may have been sent to the browser before
                // this call (not even whitespace from an included file).
                session_start();
                $_SESSION['urne'] = $username;
                echo $_SESSION['urne'];   // debug output
                $_SESSION['pswd'] = $password;   // note: keeps the plaintext password in the session
                $_SESSION['sessionid'] = $random;
                $_SESSION['ip'] = $_SERVER["REMOTE_ADDR"];
                $_SESSION['authorid'] = $aid;
                // Session set
                echo " you are now logged in! You last logged in $lastlogin!<br><a href=\"$loc\">Enter Admin Panel</a>";
            } else { echo "Password is incorrect! Please try again."; }
        }

    } else { echo "Username is incorrect! Please try again."; }
}
else {
// Login form
?>
<form method="POST" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
Username:
<input type="text" name="username11" value=""><br>
Password:
<input type="password" name="password11" value=""><br>
<input name="login" type="submit" value="login">
</form>
<?php
}
?>

And this here should show them, as it does on my personal computer:
<?php
session_start();   // must run before any output
echo "Username: ";
echo $_SESSION['urne'];
echo "<br>Password: ";
echo $_SESSION['pswd'];
echo "<br>Session ID: ";
echo $_SESSION['sessionid'];
echo "<br>IP: ";
echo $_SESSION['ip'];
echo "<br>Author ID: ";
echo $_SESSION['authorid'];
?>

But it doesn't on the webserver.

Please help, I'm supposed to have the site launched on the first...

Element
12-24-2005, 11:39 PM
I'm having some problems with sessions.
They work fine on my personal computer, but once I upload them to the webserver they stop working.

But it doesn't on the webserver.

Please help, I'm supposed to have the site launched on the first...

I don't see what's wrong right off the bat. But perhaps you should make some functions or use PHP to get most of the information from the database.

For example, the IP shouldn't be stored in a session, because if they have dial-up and somehow get disconnected and then reconnect, their IP will not be the same: they were disconnected and the IP they were using is recycled for someone else.

The only thing you really need in the sessions is a user ID and pass, or username and pass, and the rest can be done from those sessions, like checking if the username exists in the database and, if so, calling the user ID. The same goes if you're using the ID in the sessions and want the usernames.

This is also why a class or function would be handy so all you need to do is:

if (isset($_SESSION['authorid']) && isset($_SESSION['pswd'])) {
    // $db is a hypothetical database wrapper object with a fetch_username() method
    $username = $db->fetch_username($_SESSION['authorid']);
}


The same result can be done without classes or functions, so don't get overwhelmed.

Fou-Lu
12-25-2005, 10:33 AM
Seems OK to me as well, assuming that you have defined some of your own functions in there, like escape() for example.

Assuming that you receive a 'You are now logged in' sort of message, then so far it's all good. The problem is most likely due to a configuration for PHP on the server itself which differs from your personal environment. I find that most servers tend to use the default php.ini-recommended file. In this file it treats your session settings differently, mainly:
session.use_cookies = 1
session.use_only_cookies = 0
session.use_trans_sid = 0

Anyway, these three tend to be major contributors to dying sessions. If you have cookies off, you will not be able to retain a session at all. If you want to allow your users the ability to go without cookies on, I'd recommend either appending the PHP SID constant to your links or enabling session.use_trans_sid. These can be altered directly via php.ini or by using ini_set() should access to the file be forbidden.
Another thing to consider would be to move your session_start() above your page includes/requires. Any prior output will cause your sessions/cookies to fail.

As for session fixation, this is always the tougher one to deal with. The first thing I would do is drop your date formatting on your last login times, and use a standard timestamp for both the insertion as well as the session itself. You can use this session timestamp to compare whether the session is new, or if it's an old session and should be discarded upon request. Essentially, you want to time out your sessions after a fixed period of time. Personally, I usually use 15 minutes, but it's all up to you. I have to disagree with you as well, Element: I'd recommend the use of the IP, but by no means just the IP, for exactly the problem you mention. I tend to use the IP / remote host and user agent. These by no means make a secure interface, but they usually suffice. Now, if you are looking at using a far more secure method, my recommendation would be to enable session.use_only_cookies in conjunction with an SSL connection, along with other validation methods. This should greatly minimize the possibility of a session hijack.

Hope that helps!
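An added example (not code from any poster in this thread) that pulls Fou-Lu's points together in one place: session_start() before any output, cookie-only sessions set via ini_set(), a Unix-timestamp idle timeout of 15 minutes, an IP plus user-agent fingerprint as the binding check, and a regenerated session id at login against fixation. It assumes a hypothetical session.functions.php that is the first include on every page, and PHP 5.1+ for session_regenerate_id(true).

```php
<?php
// Hypothetical session.functions.php: include this before vars.php or any
// HTML so that nothing has been sent to the browser when session_start() runs.

// Cookie-only sessions: with use_only_cookies on, a session id arriving in
// the URL is ignored, which removes the simplest fixation vector.
ini_set('session.use_only_cookies', 1);
ini_set('session.use_trans_sid', 0);
ini_set('session.cookie_httponly', 1);   // PHP 5.2+, ignored on older versions
session_start();

define('SESSION_TIMEOUT', 15 * 60);      // idle limit in seconds (15 minutes)

// Fingerprint built from the remote address and user agent; stored hashed so
// neither raw value sits in the session, and a change in either invalidates it.
function client_fingerprint() {
    $ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    return sha1($_SERVER['REMOTE_ADDR'] . '|' . $ua);
}

// Call once the password check has succeeded. Only the author id is kept;
// the password never goes into $_SESSION.
function login_session($aid) {
    session_regenerate_id(true);         // fresh id on privilege change, old one dropped
    $_SESSION = array();
    $_SESSION['authorid']    = $aid;
    $_SESSION['fingerprint'] = client_fingerprint();
    $_SESSION['last_seen']   = time();   // plain Unix timestamp, not date("F j, Y")
}

// Returns the author id for a live session, or false after destroying a stale
// or mismatched one. Call at the top of every protected page.
function current_author() {
    if (!isset($_SESSION['authorid'], $_SESSION['fingerprint'], $_SESSION['last_seen'])) {
        return false;
    }
    $expired    = (time() - $_SESSION['last_seen']) > SESSION_TIMEOUT;
    $mismatched = $_SESSION['fingerprint'] !== client_fingerprint();
    if ($expired || $mismatched) {
        $_SESSION = array();
        session_destroy();
        return false;
    }
    $_SESSION['last_seen'] = time();     // sliding idle timeout
    return $_SESSION['authorid'];
}
// No closing ?> tag: trailing whitespace after it would count as output.
```

In the login script above, `login_session($aid)` would replace the block that fills `$_SESSION` by hand, and the admin page would start with `if (current_author() === false) { /* show login form */ }`.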