i have some code to redirect a user to a page if their login details are correct. part of the code is as below but it never redirects to the specified page. help me sort this out

                   if($pass==$dbpass){
                        //safely redirect user to the home page and start a new session
                        session_start();
                        $_SESSION['userid'] = $userid;
                        $_SESSION['logged'] = TRUE;
                        echo "<script language = 'javascript'>window.location = 'createaccount.html';</script>";
                        //header("location:home.php");
                    }  else {
                     //user input and stored input did not match
                        echo "Invalid Password";
                    }

You code snippet should work fine. Are you getting an error?

FYI :
session_start(); must be the first thing sent to the browser, or it won't work properly. Make sure you are not sending anything to the browser before the if clause.

you must put session_start(); at the first line of your script and nothing before it

Are you sure that $pass and $dbpass match? Control chars, tabs, spaces etc in one or the other may lead to a mismatch even through you seem to "look" the same?