(moved from a comment)
Hmmm. My my, where to start?
When used in the context of web-programming, a 'session' is a term that indicates that some data is persisted _on the server_ about the current connection to it. A session-variable is maintained by the server and may be used to store all kinds of things - in this case, it would be used to store a variable that may be checked against a value in a particular column of a DB table. If the user's current value is not the same as the one held in the database, it is safe to assume they are not logged in.
As it stands, the code above doesn't log a user into the site - it merely sets the current URL to be HomeAccess_uche/processing.html if the user enters "jonson111" and "happy111", or to HomeAccess_wilson/processing.html if the user enters "wilsonqaz" and "open123qaz".
The thing is though, without using a server-side language, there is nothing to stop anyone from just navigating to either of these URLs and seeing the same content that would be presented had the correct username/password combination been entered.
By using a server-side language, the browser can hold the contents of the session-variable I mentioned earlier. When asking for a page, the server can check if this matches the session-variable stored into the DB for any particular user. If it matches, the page appropriate for this user can then be presented. If it does not, a generic "You must log-in first" type of screen can be presented.
By only programming the client-side of the affair you have no means by which you can dynamically decide to refuse any particular client. All you can do is show the alert message and refuse to change the window.location field. But again, that still doesn't stop the user from entering a url of his/her choosing.
So, after the user hits logout and is (I pressume) redirected to a particular page, pressing 'back' takes them back to the same url that showed the data that you want to control access to. Since there's nothing smart on the back-end, there's no change in behaviour - the page is simply served up as per usuall.
There's a zillion and one register/login tutes around for ASP, ASP.NET and PHP (alphabetic ordering, I express no preference or 'better' option) Since you've mentioned PHP, why not download XAMPP and follow one of those tutes? You should have a functioning access-control system within an hour or two, hopefully also with an improved understanding of the uses and need for session-variables.
Never-mind the fact that reading the source of your current login page will expose the username/password combination 'needed' to gain access. Entirely insecure against all but the least proficient users.
Here's a single result from a google search - "php login tutorial". It makes some good points and I recommend you read and follow it, or at the very least, read it.
How to Create a Secure Login Script in PHP and MySQL
You can grab XAMPP here:
XAMPP for Window/Linux/MacOS X/Solaris