I have a very simple script that creates a user:

<?php
include 'mysqlserver.php';
session_start();



$con = mysql_connect($mysql_host, $mysql_username,$mysql_password);
if (!$con) {
die('Could not connect: ' . mysql_error());
}


mysql_select_db($mysql_db, $con);

$newuser = $_POST[username];
$newpassword = $_POST[password];
$confirmnewpassword = $_POST[confirmpassword];

if ($newpassword != $confirmnewpassword) {
die('Passwords do not match.');
}

if ($newuser == null) {
die('You need to choose a username!');
} elseif ($newpassword == null) {
die('You need to enter a password!');
}

$avail_query = mysql_query("SELECT * FROM users WHERE username='$newuser'");

$avail_numrows = mysql_num_rows($avail_query);

if ($avail_numrows != 0) {
die('That user already exists');
}


mysql_query("INSERT INTO users (username, password) 
VALUES ('$newuser', '$newpassword')");


$_SESSION['username'] == $newuser;

mysql_close($con);
?>

<script type="text/javascript">

function enterUCP(){
window.location = "/member.php"
}

</script>
</head>
<body onLoad="setTimeout('enterUCP()', 3000)">
Account created! Logging you in...
</body>

Originally, my script simply redirected you to the login page after creating an account. I’ve been trying to tweak it so you are logged in after the creation of an account.
For some reason, I cannot edit $_SESSION[‘username’] or any other session variables, even though I have started the session on line 3. I’m very confused, as some of my other PHP scripts properly manipulate $_SESSION variables, and I can’t tell what’s different in mine.

P.S. Please don’t comment on the security of my system. It’s probably terribly insecure, but I’m just writing for a prototype.

EDIT: Just to make this a little less useless of a question, can anyone find any serious security flaws here?