I have a web site and when my users login it takes them to

verify.php

(where it connects to the DataBase and matches email and password to the user input and if OK puts client data into sessions and take the client to /memberarea/index.php ELSE back to login page with message "Invalid Email or password!")

<?php
  ob_start();
  session_start();

  $email=$_POST['email'];
  $pass=md5($_POST['pass']);

  include("conn.php"); // connects to Database
  $sql="SELECT * FROM `user` WHERE email='$email' AND pass='$pass'";
  $result=mysql_query($sql);

  $new=mysql_fetch_array($result);

  $_SESSION['fname']=$new['fname'];
  $_SESSION['lname']=$new['lname'];
  $_SESSION['email1']=$new['email1'];
  $_SESSION['passwrd']=$new['passwrd'];


  $no=mysql_num_rows($result);

   if ($no==1){
    header('Location:memberarea/index.php');
   }else {

        header("Location:login.php?m=$msg"); //msg="Invalid Login"
   }

  ?>

then after email id and password is verified it takes them to `

/memberarea/index.php

(This is where the problem happens.)

where in index.php it checks if a session has been created in-order to block hackers to enter member area and sends them back to the login page.

<?
 session_start(); 
 isset($_SESSION['email'])` && `isset($_SESSION['passwrd'])` 

The problem is the client gets verified in verify.php (the code is above)

In varify.php only after I put ob_start(); ontop of session_start(); It moves on to /memberarea/index.php ,

If I remove ob_start() It keeps the client on the verify.php page and displays error header is alredy SENT.

after I put ob_start() it goes in to /memberarea/index.php but the session is blank,

so it goes back to the login page and displays the error ($msg) "Invalid Login" which I programed to display.

Can anyone tell me why the session cant pass values from verify.php to /memberarea/index.php