Diría que no le doy ninguna sesion a alias .. utilizo este código con cookies

setcookie("loggedin", "".$_POST['mail']."", time()+(3600 * 24));
echo "Welcome: <strong>".$_POST['mail']."</strong><br>";
echo "Continue to the <a href=members.php>members</a> section.";

Necesito programar una session_start con ??y este es el login.php

ob_start();
$mail=$_POST["mail"];
$password=$_POST["password"];
if ($mail&&$password);
{
include("config.php");
$query = mysql_query("SELECT * FROM users WHERE mail='$mail'");
$numrows = mysql_num_rows($query);
{
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['mail'];
$dbpassword = $row['password'];
$dbalias = $row['alias'];
$dbname = $row['name'];
$dbsurname = $row['surname'];
//
}
if ($mail==$dbusername&&$password==$dbpassword)
{
echo"Contraseña correcta";
setcookie("loggedin", "".$_POST['mail']."", time()+(3600 * 24));
echo "Welcome: <strong>".$_POST['mail']."</strong><br>";
echo "Continue to the <a href=members.php>members</a> section.";
}
else
echo "Contraseña errónea";
}
}
ob_end_flush();