diff --git a/lib/control.inc b/lib/control.inc
index d48967d..e85655b 100644
--- a/lib/control.inc
+++ b/lib/control.inc
@@ -8,7 +8,7 @@
  * Copyright (c) 1999-2002 The Owl Project Team
  * Licensed under the GNU GPL. For full terms see the file COPYING.
  * @version $Revision$
- * @author jam dms team
+ * @author <a href="mailto:michael@jamwarehouse.com>Michael Joseph</a>, Jam Warehouse (Pty) Ltd, South Africa
  * @package dmslib
  */
  
@@ -20,39 +20,78 @@
 function redirect($url) {
     // everything is relative to the root url
     $url = $default->owl_root_url . $url;
+    //echo "redirect:url = $url<br>";
     header("Location: $url");
 }
 
 /**
+ * Performs a redirect through the controller.
+ * Takes a controller action and queryString and builds url.
+ *
+ * @param $action the controller action
+ * @param $queryString additional querystring vars
+ */
+function controllerRedirect($action, $queryString) {
+    // generate url
+    $ctlUrl = generateControllerUrl($action);
+    // append the rest of the url
+    $url = $ctlUrl . "&$queryString";
+    // now redirect
+    redirect($url);
+}
+
+/**
+ * Returns a controller url.
+ *
+ * @param $action  the controller action to generate a url for
+ *
+ * @return the controller url
+ */
+function generateControllerUrl($action) {
+    return "control.php?action=$action";
+}
+
+/**
  * Generates a link via the control page, with the passed action
  *
  * @param $action
  *        the controller action to generate a link for
  * @return the generated href
  */
- //TODO: maybe this should just be the url?
 function generateLink($action) {
-    return "<a href=\"control.php?action=$action\">";
+    return "<a href=\"" . generateControllerUrl($action) . "\">";
 }
 
 /**
- * Validates the session.
- *
- * @param $sessionID
- *        the session ID to validate
- * @return
- *        true if the session is valid, else false.
+ * Verifies the current session
  */
 function checkSession() {
-    $sessionStatus = Session::verify();
-    // TODO: error handling in here with appropriate actions
-    //       error messages are in $sessionStatus["errorMessage"]
-    switch ($sessionStatus["status"]) {
-        case 1 : // session verified, update lastused time                 
-                 return true;
-                 break;
-        case 2 : // session timed out                 
-        case 3 : // session already in use
-                 return false;
-    }
+    session_start();
+    $session = new Session();
+    $sessionStatus = $session->verify();
+    if ($sessionStatus["status"] != 1) {
+        // verification failed, redirect to login with error message
+        $url = "login.php?loginAction=loginForm";
+        if (isset($default->errorMessage) && (strlen($default->errorMessage) > 0) ) {
+            $url = $url . "&errorMessage=$default->errorMessage";
+        }
+        $qs = $_SERVER[QUERY_STRING];
+        // redirect to login page with original uri unless the original uri is the login page,
+        // which means that the login attempt failed
+        if (strstr($qs, "action=LOGIN_FORM")) {
+            // redirecting to login- ensure error message is set
+            // FIXME: is this presumptious?  more rigor?  use $default?
+            $url = $url . "&errorMessage=" . urlencode($errorMessage);
+        } else if (strlen($_SERVER[QUERY_STRING]) > 1) {
+            // not redirecting to login, so this session verification failure
+            // represents either the first visit to the site
+            // OR a session timeout etc. (in which case we still want to bounce
+            // the user to the login page, and then back to whatever page they're on now)
+            $originalRequest = $_SERVER[QUERY_STRING];
+            $url = $url . "&redirect=" . $originalRequest;
+        }
+            
+        redirect($url);
+        
+    }   
 }