diff --git a/lib/Session.inc b/lib/Session.inc
new file mode 100644
index 0000000..e0ca9cf
--- /dev/null
+++ b/lib/Session.inc
@@ -0,0 +1,157 @@
+<?php
+/**
+ * $Id$
+ *
+ * This class is used for session management.
+ *
+ * @author owl sourceforge team
+ * @version $Revision$
+ * @package Owl
+ */
+class Session {
+
+    /**
+     * Creates a session.
+     *
+     * @param $userID
+     *	      user identifier
+     * @return $sessionID
+     * 	      returns the generated sessionID
+     */
+	function create($userID) {
+        global $default;
+        
+		// create the session id from a md5 of the current time
+        $current = time();
+        //$random = $this->sessionID . $current;
+        $sessionID = md5($current);
+        $sql = new Owl_DB;
+        
+        // retrieve client ip
+        if(getenv("HTTP_CLIENT_IP")) {
+            $ip = getenv("HTTP_CLIENT_IP");
+        } elseif(getenv("HTTP_X_FORWARDED_FOR")) {
+            $forwardedip = getenv("HTTP_X_FORWARDED_FOR");
+            list($ip,$ip2,$ip3,$ip4)= split (",", $forwardedip);
+        } else {
+            $ip = getenv("REMOTE_ADDR");
+        }
+
+        // insert session information into db
+        $result = $sql->query("insert into $default->owl_sessions_table values ('$sessionID', '$userID', '$current', '$ip')");
+        
+        if(!'result') {
+            die("$lang_err_sess_write");
+        }
+
+		return $sessionID;
+	}
+    
+    /**
+     * Removes the specified session from the application.
+     *
+     * @param sessionID
+     *        the session to remove
+     */
+    function remove($sessionID) {
+        $sql = new Owl_DB;
+        $sql->query("delete from $default->owl_sessions_table where sessid = '$sessionID'");        
+    }
+    
+    /**
+     * Removes any stale sessions for the specified userID
+     *
+     * @param userID
+     *        the userID to remove stale sessions for
+     */
+    function removeStateSessions($userID) {
+        $time = time() -  $default->owl_timeout;
+        $sql = new Owl_DB;
+        $sql->query("delete from $default->owl_sessions_table where uid = '" . $userID . "' and lastused <= $time ");
+    }
+    
+    /**
+     * Used to verify a users session
+     *
+     * @param $sessionID
+     *	      The session id to verify
+     * @return 
+     *        array containing the userID, groupID and session verifiction status
+     */
+    function verify($sessionID) {
+        
+        getprefs();
+        global $default, $lang_sesstimeout, $lang_sessinuse, $lang_clicklogin;
+        $sess = ltrim($sessionID);
+        // initialise return status
+        $verified["status"] = 0;
+        
+        // this should be an existing session, so check the db
+        $sql = new Owl_DB; 
+        $sql->query("select * from $default->owl_sessions_table where sessid = '$sessionID'");
+        $numrows = $sql->num_rows($sql);
+        $time = time();
+        
+        if ($numrows == "1") {
+            while($sql->next_record()) {
+                // get client ip 
+                if(getenv("HTTP_CLIENT_IP")) {
+                    $ip = getenv("HTTP_CLIENT_IP");
+                } elseif(getenv("HTTP_X_FORWARDED_FOR")) {
+                    $forwardedip = getenv("HTTP_X_FORWARDED_FOR");
+                    list($ip,$ip2,$ip3,$ip4)= split (",", $forwardedip);
+                } else {
+                    $ip = getenv("REMOTE_ADDR");
+                }
+                
+                // check that ip matches
+                if ($ip == $sql->f("ip")) {
+                    // if timeout not exceeded
+                    if(($time - $sql->f("lastused")) <= $default->owl_timeout) {
+                        $verified["status"] = 1;
+                        $verified["userID"] = $sql->f("uid");
+                        $sql->query("select * from $default->owl_users_table where id = '".$verified["userid"]."'");
+                        while($sql->next_record()) {
+                            $verified["groupID"] = $sql->f("groupid");
+                        }
+                    } else {
+                        // TODO: don't want html here
+                        // session time out status
+                        $verified["status"] = 2;
+                        /*
+                        // Bozz Bug Fix begin
+                        if (file_exists("./lib/header.inc")) {
+                            include("./lib/header.inc");
+                        } else {
+                            include("../lib/header.inc");
+                        }
+                        // Bozz Bug Fix End
+                        print("<BR><BR><CENTER>".$lang_sesstimeout);
+                        if ($parent == "" || $fileid == "") {
+                            print("<A HREF='$default->owl_root_url/index.php'><IMG SRC='$default->owl_root_url/locale/$default->owl_lang/graphics/btn_login.gif' BORDER=0 ></A>");
+                        } else {
+                            print("<A HREF='$default->owl_root_url/index.php?parent=$parent&fileid=$fileid'><IMG SRC='$default->owl_root_url/locale/$default->owl_lang/graphics/btn_login.gif' BORDER=0 ></A>");
+                        }
+                        exit();*/
+                    }
+                } else {
+                    // session in use status
+                    $verified["status"] = 3;
+                    /*
+                    // Bozz Bug Fix begin
+                    if (file_exists("./lib/header.inc")) {
+                        include("./lib/header.inc");
+                    } else {
+                        include("../lib/header.inc");
+                    }
+                    // Bozz Bug Fix End
+                    print("<BR><BR><CENTER>".$lang_sessinuse);
+                    exit;
+                    */
+                }
+            }
+        }
+        return $verified;
+    }    
+}
+?>