diff --git a/activate_roles.php b/activate_roles.php
index 16efc5fb..87254999 100644
--- a/activate_roles.php
+++ b/activate_roles.php
@@ -14,10 +14,10 @@
     <?php echo aixada_js_src(); ?>
    		
  	<script type="text/javascript" src="js/jqueryui/i18n/jquery.ui.datepicker-<?=$language;?>.js" ></script>
-     
    
-   
-    <?php $the_role = $_SESSION['userdata']['current_role']; ?>
+    <?php 
+        $the_role = get_current_role();
+    ?>
 	<script type="text/javascript">
 	$(function(){
 		$.ajaxSetup({ cache: false });
diff --git a/js/aixadacart/jquery.aixadacart.js b/js/aixadacart/jquery.aixadacart.js
index 64f2b652..ac23efb4 100644
--- a/js/aixadacart/jquery.aixadacart.js
+++ b/js/aixadacart/jquery.aixadacart.js
@@ -143,7 +143,11 @@
   									
   							    },
   							   error : function(XMLHttpRequest, textStatus, errorThrown){
-  							    	$this.data('aixadacart').submitError.call($this,XMLHttpRequest.responseText);
+                                    if (XMLHttpRequest.responseText === $.aixadaUtilities_lang.NOT_LOGGED_IN) {
+                                        $.AixadaNotLoggedInMsg();
+                                    } else {
+                                        $this.data('aixadacart').submitError.call($this,XMLHttpRequest.responseText);
+                                    }
   							    	//alert(errorThrown);
   							    	
   							    	//updateCartTips.call($this,'error',XMLHttpRequest.responseText);
diff --git a/js/aixadautilities/i18n/aixadaUtilities-ca-va.js b/js/aixadautilities/i18n/aixadaUtilities-ca-va.js
new file mode 100644
index 00000000..615ff47b
--- /dev/null
+++ b/js/aixadautilities/i18n/aixadaUtilities-ca-va.js
@@ -0,0 +1,10 @@
+(function($){
+	$.extend({
+		aixadaUtilities_lang : {
+            NOT_LOGGED_IN: "Not logged in",
+			btn_ok: "D'acord",
+            not_logged_in: "La sessió d'usuari no està iniciada",
+            must_identify: "Ha d'identificar-se!"
+		}
+	});
+})(jQuery);
diff --git a/js/aixadautilities/i18n/aixadaUtilities-en.js b/js/aixadautilities/i18n/aixadaUtilities-en.js
new file mode 100644
index 00000000..36ea7f86
--- /dev/null
+++ b/js/aixadautilities/i18n/aixadaUtilities-en.js
@@ -0,0 +1,10 @@
+(function($){
+	$.extend({
+		aixadaUtilities_lang: {
+            NOT_LOGGED_IN: "Not logged in",
+            btn_ok: "Ok",
+            not_logged_in: "User is not logged in",
+            must:identify: "You must identify!"
+		}
+	});
+})(jQuery);
diff --git a/js/aixadautilities/i18n/aixadaUtilities-es.js b/js/aixadautilities/i18n/aixadaUtilities-es.js
new file mode 100644
index 00000000..62ba27cf
--- /dev/null
+++ b/js/aixadautilities/i18n/aixadaUtilities-es.js
@@ -0,0 +1,10 @@
+(function($){
+	$.extend({
+		aixadaUtilities_lang: {
+            NOT_LOGGED_IN: "Not logged in",
+			btn_ok: "De acuerdo",
+            not_logget_in: "La sesión de usuario no está iniciada",
+            must_identify: "¡Debe identificarse!"
+		}
+	});
+})(jQuery);
diff --git a/js/aixadautilities/jquery.aixadaMenu.js b/js/aixadautilities/jquery.aixadaMenu.js
index 650392df..c3249508 100644
--- a/js/aixadautilities/jquery.aixadaMenu.js
+++ b/js/aixadautilities/jquery.aixadaMenu.js
@@ -54,10 +54,9 @@ $(function(){
 		var rq_uri = window.location;
    		$.ajaxQueue({
    			type: "POST",
-            url: "php/ctrl/Cookie.php?change_role_to=" + new_role + "&originating_uri=" + rq_uri,
+            url: "php/ctrl/AixadaSession.php?change_role_to=" + new_role + "&originating_uri=" + rq_uri,
             dataType: "xml",
             success:  function(xml){
-		document.cookie = 'USERAUTH=' + escape($(xml).find('cookie').text());
 		window.location.href = $(xml).find('navigation').text(); 
    			}   		
    		});
@@ -87,7 +86,7 @@ $(function(){
 		var rq_uri = window.location;
    		$.ajaxQueue({
    			type: "POST",
-            url: "php/ctrl/Cookie.php?change_lang_to=" + new_lang + "&originating_uri=" + rq_uri,
+            url: "php/ctrl/AixadaSession.php?change_lang_to=" + new_lang + "&originating_uri=" + rq_uri,
             dataType: "xml",
             success:  function(xml){
             window.location.href = $(xml).find('navigation').text();
diff --git a/js/aixadautilities/jquery.aixadaUtilities.js b/js/aixadautilities/jquery.aixadaUtilities.js
index b811f7a1..4ad49e53 100644
--- a/js/aixadautilities/jquery.aixadaUtilities.js
+++ b/js/aixadautilities/jquery.aixadaUtilities.js
@@ -323,6 +323,22 @@ $(function(){
 		closeMsg : function(){
 			$('#aixada_msg').dialog( "close" );
 			
+		},
+		AixadaNotLoggedInMsg: function() {
+		    var buttonClick = {};
+		    buttonClick[$.aixadaUtilities_lang.btn_ok] = function(){
+		        $(this).dialog("close");
+		        window.location.href = 'login.php';
+		    };
+		    $.showMsg({
+		        title: $.aixadaUtilities_lang.not_logged_in,
+		        msg:   $.aixadaUtilities_lang.must_identify,
+		        buttons: buttonClick,
+		        type: 'error'
+		    });
+		    $("#aixada_msg").on("dialogclose", function() {
+		        window.location.href = 'login.php';
+		    });
 		}
 	});
 	
diff --git a/js/aixadautilities/jquery.aixadaXML2HTML.js b/js/aixadautilities/jquery.aixadaXML2HTML.js
index d7fe4c00..ecef07a8 100644
--- a/js/aixadautilities/jquery.aixadaXML2HTML.js
+++ b/js/aixadautilities/jquery.aixadaXML2HTML.js
@@ -164,8 +164,15 @@
 									},//end success
 									
 									error : function(XMLHttpRequest, textStatus, errorThrown){
-	  							    	alert('An error "' + errorThrown + '", status "' + textStatus + '" occurred during loading data: ' + XMLHttpRequest.responseText);
-
+                                        if (XMLHttpRequest.responseText === $.aixadaUtilities_lang.NOT_LOGGED_IN) {
+                                            $.AixadaNotLoggedInMsg();
+                                        } else {
+                                            alert('An error "' + errorThrown + 
+                                                '", status "' + textStatus + 
+                                                '" occurred during loading data: ' +
+                                                XMLHttpRequest.responseText
+                                            );
+                                        }
 	  							    },
 	  							   complete : function(msg){
 	  							 	
diff --git a/local_config/config.php.sample b/local_config/config.php.sample
index e467a871..bae7ea9d 100644
--- a/local_config/config.php.sample
+++ b/local_config/config.php.sample
@@ -357,26 +357,6 @@ class configuration_vars {
    * users if available. 
    */
   public $incidents_email_list = ""; 
-  
-  
-  
-  
-  
-  /**
-   * CODE OPTIMIZATIONS
-   */
-
-  /**
-   * @var bool In case the database is parsed, this variable controls if the table_manager objects are stored in $_SESSION or not. Setting this variable to true cuts down considerably on execution time.
-   */
-  public $use_session_cache = true;
-
-  /**
-   * @var bool If true, this variable says to not parse the database every time a page is loaded, but to read the pre-compiled responses from the file canned_responses.php.  Setting this variable to true cuts down considerably on execution time.
-   */
-  public $use_canned_responses = true;
-
-
 
   /**
    * 
diff --git a/login.php b/login.php
index 36827781..230c97f4 100644
--- a/login.php
+++ b/login.php
@@ -3,13 +3,11 @@
 
 require_once(__ROOT__ . 'php'.DS.'inc'.DS.'authentication.inc.php');
 
-// This controls if the table_manager objects are stored in $_SESSION or not.
-// It looks like doing it cuts down considerably on execution time.
-$use_session_cache = configuration_vars::get_instance()->use_session_cache;
-
 if (!isset($_SESSION)) {
     session_start();
- }
+    $_SESSION['aixada'] = true;
+    session_commit(); // Force write session to create it and able to open $_SESSION faster.
+}
 
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
@@ -41,9 +39,6 @@
 	<script type="text/javascript">
 		$(function(){
 			$.ajaxSetup({ cache: false });
-
-			document.cookie = 'USERAUTH=';
-			
 			/**
 			 *	logon stuff
 			 */
@@ -55,21 +50,7 @@
 					type: "POST",
                     url: "php/ctrl/Login.php?oper=login",
 					data:dataSerial,		
-					success: function(returned_cookie){
-					    /*
-					      FIXME
-					      there are two very basic security issues here:
-					      1. the dataSerial is posted unencrypted, and so is visible to everyone!
-					      Even encrypting the username/password is no solution, because anyone who intercepts the communication
-					      can just send the encrypted text without knowing what it decrypts to, but can log in anyways.
-					      The solution could be to implement an SSL protocol.
-					      2. The cookie never expires.
-					      This has two parts: here in document.cookie we could set an expiry date;
-					      on the other hand, if the cookie is seen to have expired in cookie.inc.php, 
-					      it is just renewed without any consequence.
-					     */
-					    document.cookie = 'USERAUTH=' + escape(returned_cookie);
-					    
+					success: function() {
 					    top.location.href = 'index.php';
 					    
 					},
diff --git a/manage_data.php b/manage_data.php
index 66db0412..2a14a013 100644
--- a/manage_data.php
+++ b/manage_data.php
@@ -15,24 +15,25 @@ function check_manager_exist($table_name) {
     }
     
 	/**
-	 * This function looks at the current_role written to the
-	 * cookie and the $_SESSION['userdata'] to determine if the table
+	 * This function looks at the current_role to determine if the table
 	 * currently requested may be edited by the user in the current role.
 	 */
     function may_edit_table($data_table) {
         $table_aux = strstr($data_table, '_');
         $prefix = strstr($data_table, '_', true);
         if ($prefix !== 'aixada') {
-            $table_aux = '_'.$prefix.$table_aux;
+            $table_aux = '_' . $prefix.$table_aux;
         }
-        $property = 'may_edit'.$table_aux;
-        if (in_array($property, 
-                     configuration_vars::get_instance()->rights_of[$_SESSION['userdata']['current_role']])) {
-            return true;
-        } else {
-            return false;
+        if (is_created_session()) {
+            $rights_of = get_config('rights_of');
+            $current_role = get_current_role();
+            if (in_array('may_edit' . $table_aux, $rights_of[$current_role])) {
+                return true;
+            }
         }
+        return false;
     }
+
     $is_edit = 'false';
     if ($data_manager){
         if (may_edit_table($table_name)) {
diff --git a/manage_ufmember.php b/manage_ufmember.php
index 53ffbd83..7b28264d 100644
--- a/manage_ufmember.php
+++ b/manage_ufmember.php
@@ -42,7 +42,9 @@
 
 
 		//show/hide reset pwd. 
-		var isAdmin = "<?=$_SESSION['userdata']['current_role'];?>";
+		var isAdmin = "<?php
+            echo get_current_role();
+        ?>";
 		isAdmin = (isAdmin == "Hacker Commission")? true:false; 
 
 			
diff --git a/php/ctrl/Account.php b/php/ctrl/Account.php
index 76e509eb..5dd5b449 100644
--- a/php/ctrl/Account.php
+++ b/php/ctrl/Account.php
@@ -8,16 +8,9 @@
 require_once(__ROOT__ . "php/utilities/general.php");
 require_once(__ROOT__ . "php/lib/account_operations.php");
 
-
-$use_session_cache = true; 
-
-
-if (!isset($_SESSION)) {
-    session_start();
- }
-
-
 try{ 
+    validate_session(); // The user must be logged in.
+    
    	$ao = new account_operations();
  	switch ($_REQUEST['oper']) {
         case 'getAccounts':
diff --git a/php/ctrl/ActivateProducts.php b/php/ctrl/ActivateProducts.php
index ef3d6c69..bdf2cb06 100644
--- a/php/ctrl/ActivateProducts.php
+++ b/php/ctrl/ActivateProducts.php
@@ -10,22 +10,11 @@
 require_once(__ROOT__ . "php/utilities/dates.php");
 require_once(__ROOT__ . "php/utilities/shop_and_order.php");
 
-
-
-// This controls if the table_manager objects are stored in $_SESSION or not.
-// It looks like doing it cuts down considerably on execution time.
-$use_session_cache = configuration_vars::get_instance()->use_session_cache;
-
-
-
-if (!isset($_SESSION)) {
-    session_start();
- }
-
 //DBWrap::get_instance()->debug = true;
 
 try{
-	
+  validate_session(); // The user must be logged in.
+  
   switch($_REQUEST['oper']) {
   	
 	  case 'listAllOrderableProviders':
diff --git a/php/ctrl/ActivateRoles.php b/php/ctrl/ActivateRoles.php
index 9a324d73..128b2fce 100644
--- a/php/ctrl/ActivateRoles.php
+++ b/php/ctrl/ActivateRoles.php
@@ -7,19 +7,9 @@
 require_once(__ROOT__ . "php/inc/database.php");
 require_once(__ROOT__ . "php/utilities/general.php");
 
-if (!isset($_SESSION)) {
-    session_start();
- }
-
-DBWrap::get_instance()->debug = true;
-
-function get_deactivated_roles($member_id)
-{
-
-}
-
 try{
-  $op_id = $_SESSION['userdata']['uf_id'];
+  validate_session(); // The user must be logged in.
+    
   $user_id = isset($_REQUEST['user_id']) ? $_REQUEST['user_id'] : '';
 
 
diff --git a/php/ctrl/Admin.php b/php/ctrl/Admin.php
index 9628d363..be3a3c25 100644
--- a/php/ctrl/Admin.php
+++ b/php/ctrl/Admin.php
@@ -7,12 +7,8 @@
 require_once __ROOT__ . "php/inc/adminDatabase.php";
 require_once __ROOT__ . "php/utilities/general.php";
 
-if (!isset($_SESSION)) {
-    session_start();
- }
-
 try{
-
+  validate_session(); // The user must be logged in.
 	
   switch (get_param('oper')) {
 	
diff --git a/php/ctrl/AixadaSession.php b/php/ctrl/AixadaSession.php
new file mode 100644
index 00000000..4f8e2ab3
--- /dev/null
+++ b/php/ctrl/AixadaSession.php
@@ -0,0 +1,47 @@
+<?php
+
+define('DS', DIRECTORY_SEPARATOR);
+define('__ROOT__', dirname(dirname(dirname(__FILE__))).DS); 
+
+require_once __ROOT__ . 'php/lib/exceptions.php';
+require_once __ROOT__ . 'php/utilities/general.php';
+
+try {
+
+    $uri = (isset($_REQUEST['originating_uri']) ? $_REQUEST['originating_uri'] : 'index.php');
+    if (isset($_REQUEST['change_role_to'])) {
+        $new_role = $_REQUEST['change_role_to'];
+        if (is_created_session()) {
+            change_session_role($new_role);
+            $fp = get_config('forbidden_pages');
+            if (!$uri || isset($fp[$new_role])) {
+                foreach($fp[$new_role] as $page) {
+                    if (strpos($uri, $page) !== false) {
+                        $uri = 'index.php';
+                        break;
+                    }
+                }
+            }
+        } else {
+            $uri = 'login.php';
+        }
+        printXML('<row><navigation>' . $uri . '</navigation></row>');
+        exit;
+    }
+    
+    if (isset($_REQUEST['change_lang_to'])) {
+        $new_lang = $_REQUEST['change_lang_to'];
+        if (is_created_session()) {
+            change_session_language($new_lang);
+        } else {
+            $uri = 'login.php';
+        }
+        printXML('<row><navigation>' . $uri . '</navigation></row>');
+        exit;        
+    }
+}
+
+catch(Exception $e) {
+  header('HTTP/1.0 401 ' . $e->getMessage());
+  die($e->getMessage());
+}  
diff --git a/php/ctrl/Cookie.php b/php/ctrl/Cookie.php
deleted file mode 100644
index 9de45644..00000000
--- a/php/ctrl/Cookie.php
+++ /dev/null
@@ -1,60 +0,0 @@
-<?php
-
-define('DS', DIRECTORY_SEPARATOR);
-define('__ROOT__', dirname(dirname(dirname(__FILE__))).DS); 
-
-require_once(__ROOT__ . "php/utilities/general.php");
-require_once(__ROOT__ . 'php/inc/cookie.inc.php');
-
-if (!isset($_SESSION)) {
-    session_start();
- }
-
-try {
-    $cookie = new Cookie();
-    $cookie->validate();
-    $uri = (isset($_REQUEST['originating_uri']) ? $_REQUEST['originating_uri'] : 'index.php');
-}   
-catch (AuthException $e) {
-    header('HTTP/1.0 401 ' . $e->getMessage());
-    die($e->getMessage());
-}
-
-try {
-    if (isset($_REQUEST['change_role_to'])) {
-        $new_role = $_REQUEST['change_role_to'];
-        $fp = configuration_vars::get_instance()->forbidden_pages;
-        if (!$uri || 
-            (isset($_SESSION['userdata']) && isset($fp[$new_role]))) {
-            $forbidden = false;
-            foreach($fp[$new_role] as $page) {
-                if (strpos($uri, $page) !== false) {
-                    $forbidden = true;
-                    break;
-                }
-            }
-            if ($forbidden) 
-                $uri = 'index.php';
-        }
-        $cookie->change_role($new_role);
-        printXML('<row><navigation>' . $uri . '</navigation>' .
-		 '<cookie>' . $cookie->package() . '</cookie></row>');
-        exit;
-    }
-    
-    if (isset($_REQUEST['change_lang_to'])) {
-        $new_lang = $_REQUEST['change_lang_to'];
-        $cookie->change_language($new_lang);
-        printXML('<row><navigation>' . $uri . '</navigation>' .
-		 '<cookie>' . $cookie->package() . '</cookie></row>');
-        exit;        
-    }
-}
-
-catch(Exception $e) {
-  header('HTTP/1.0 401 ' . $e->getMessage());
-  die($e->getMessage());
-}  
-
-
-?>
\ No newline at end of file
diff --git a/php/ctrl/Dates.php b/php/ctrl/Dates.php
index 6412593e..7808d3a7 100644
--- a/php/ctrl/Dates.php
+++ b/php/ctrl/Dates.php
@@ -8,13 +8,6 @@
 require_once(__ROOT__ . "php/utilities/dates.php");
 require_once(__ROOT__ . "php/utilities/general.php");
 
-$use_session_cache = configuration_vars::get_instance()->use_session_cache;
-
-if (!isset($_SESSION)) {
-    session_start();
- }
-
-
 DBWrap::get_instance()->debug = true;
 
 function extract_data($what) {
@@ -22,6 +15,8 @@ function extract_data($what) {
 }
 
 try{
+    validate_session(); // The user must be logged in.
+    
     $oper = extract_data('oper');
     $date = extract_data('date');
 
diff --git a/php/ctrl/ImportExport.php b/php/ctrl/ImportExport.php
index f033e909..9fc8fedf 100644
--- a/php/ctrl/ImportExport.php
+++ b/php/ctrl/ImportExport.php
@@ -27,10 +27,9 @@
 ob_start();
 $firephp = FirePHP::getInstance(true);
 
-
-
 try{ 
-   
+	validate_session(); // The user must be logged in.
+
 	global $firephp; 
 	
  	switch (get_param('oper')) {
@@ -104,7 +103,8 @@
                 }
             }
 			echo $dt->get_html_table();
-			$_SESSION['import_file'] = $path; 
+			$_SESSION['import_file'] = $path;
+            session_commit();
  			exit;
 
  	
diff --git a/php/ctrl/Incidents.php b/php/ctrl/Incidents.php
index 26d48f36..227a3064 100644
--- a/php/ctrl/Incidents.php
+++ b/php/ctrl/Incidents.php
@@ -8,14 +8,16 @@
 require_once(__ROOT__ . "php/utilities/general.php");
 require_once(__ROOT__ . "php/utilities/incidents.php");
 
-
-
-if (!isset($_SESSION)) {
-    session_start();
-}
-
 try{
+    if (get_param('oper') === 'getIncidentsListing' && 
+        get_param('type', 1) == 3 // Incident sent to portal (used in login.php)
+    ) {
+        echo get_incidents_in_range(get_param('filter', 'prev2Month'), get_param('fromDate',0), get_param('toDate',0), get_param('type',1) );
+	    exit; 
+    }
 
+    validate_session(); // For all other requests, the user must be logged in
+    
     switch (get_param('oper')) {
     	    	
     	 case 'getIncidentTypes':
diff --git a/php/ctrl/InstallAixada.php b/php/ctrl/InstallAixada.php
index b54e7386..2015b2f3 100644
--- a/php/ctrl/InstallAixada.php
+++ b/php/ctrl/InstallAixada.php
@@ -65,7 +65,7 @@
                 ));
             } else {
                 // Do it!
-                $results .= "\n\nDone by: '{$_SESSION['userdata']['login']}' at " . date('Y-m-d H:i:s') . "\n\n";
+                $results .= "\n\nDone by: '" . get_session_login() . "' at " . date('Y-m-d H:i:s') . "\n\n";
                 
                 // Do a previous backup.
                 $results .= "\nA database backup has been created as:\n  "  .
@@ -135,19 +135,14 @@ function CheckExistAndLogin() {
     $existAixada = get_row_query("SELECT table_name FROM information_schema.tables where table_schema=DATABASE() and table_name='aixada_uf'");
     if ($existAixada) {
         // Logged options
-        if (!isset($_SESSION)) {
-            session_start();
-        }
-        if (!isset($_SESSION['userdata']) || 
-            !isset($_SESSION['userdata']['roles']) || 
-            !isset($_SESSION['userdata']['login'])
-        ) {
+        if (!is_created_session()) {
             throw new Exception("Must identify as a user before starting an database update!
-            <br><a href=\"login.php?\">login</a>");
+            <br><a target=\"_blank\" href=\"login.php?\">login</a>");
         }
-        if (!in_array('Hacker Commission', $_SESSION['userdata']['roles'])) {
+        $roles = get_session_value('roles');
+        if (!in_array('Hacker Commission', $roles)) {
             throw new Exception("Only a user with role \"Hacker Commission\" can do an database update!
-            <br><a href=\"login.php?\">login</a>");
+            <br><a target=\"_blank\" href=\"login.php?\">login</a>");
         }
         // Is updatable?
         $isUpdatable = !!get_row_query(
diff --git a/php/ctrl/Login.php b/php/ctrl/Login.php
index 4d98a559..c5c7e5e5 100644
--- a/php/ctrl/Login.php
+++ b/php/ctrl/Login.php
@@ -9,11 +9,6 @@
 require_once(__ROOT__ . "php/inc/authentication.inc.php");
 require_once(__ROOT__ . "php/utilities/general.php");
 require_once(__ROOT__ . "php/lib/exceptions.php");
-require_once(__ROOT__ . 'php/inc/cookie.inc.php');
-
-if (!isset($_SESSION)) {
-    session_start();
-}
 
 require_once(__ROOT__ . 'php/external/FirePHPCore/lib/FirePHPCore/FirePHP.class.php');
 ob_start();
@@ -29,8 +24,7 @@
 	  case 'logout':
 	      try {
 		  	  //global $firephp;
-	        $cookie=new Cookie();
-	        $cookie->logout();
+	        logout_session();
 		  	$h = 'Location:' . __ROOT__ . 'login.php';
 	      } 
 	      catch (AuthException $e) {
@@ -56,9 +50,15 @@
 	               $current_role, 
 	               $current_language_key, 
 	               $theme) = $auth->check_credentials(get_param('login'), get_param('password'));
+              /* FIXME
+                    There a security issues here: 'login' and 'password' are posted unencrypted, and so is visible to everyone!
+                    Even encrypting the username/password is no solution, because anyone who intercepts the communication
+                    can just send the encrypted text without knowing what it decrypts to, but can log in anyways.
+                    The solution could be to implement an SSL protocol.
+              */
 	      	  
 	          $langs = existing_languages();
-	          $cookie = new Cookie(true, 
+	          create_session( 
 	                               $user_id, 
 	                               $login, 
 	                               $uf_id, 
@@ -70,13 +70,10 @@
 	                               array_values($langs), 
 	                               $current_language_key,
 	                               $theme);
-	
-	          $cookie->set();
 	      }	catch (AuthException $e) {
 		  	header("HTTP/1.1 401 Unauthorized " . $e->getMessage());
 	        die($e->getMessage());
 	      }	
-	      print $cookie->package();
 	      exit; 
 	      	
 	  default:
diff --git a/php/ctrl/ManageData.php b/php/ctrl/ManageData.php
index b32730f2..d01478f1 100644
--- a/php/ctrl/ManageData.php
+++ b/php/ctrl/ManageData.php
@@ -6,9 +6,6 @@
 require_once(__ROOT__ . "php/inc/database.php");
 require_once(__ROOT__ . "php/utilities/general.php");
 
-if (!isset($_SESSION)) {
-    session_start();
-}
 $table_name = get_param('table');
 $oper = get_param('oper');
 if ($oper) {
@@ -16,6 +13,8 @@
         include_once(__ROOT__."php/ctrl/ManageData/{$table_name}.php");
         $data_manager = new data_manager();
         try {
+            validate_session(); // The user must be logged in.
+            
             switch ($oper) {
             case 'edit':
                 echo $data_manager->update($_REQUEST);
diff --git a/php/ctrl/Orders.php b/php/ctrl/Orders.php
index da02c4ee..8e2533c0 100644
--- a/php/ctrl/Orders.php
+++ b/php/ctrl/Orders.php
@@ -8,13 +8,8 @@
 require_once(__ROOT__ . "php/utilities/general.php");
 require_once(__ROOT__ . "php/utilities/orders.php");
 
-
-if (!isset($_SESSION)) {
-    session_start();
-}
-
 try{
-	
+	validate_session(); // The user must be logged in.
 
     switch (get_param('oper')) {
     	
diff --git a/php/ctrl/Providers.php b/php/ctrl/Providers.php
index 84e6d560..e86f920e 100644
--- a/php/ctrl/Providers.php
+++ b/php/ctrl/Providers.php
@@ -8,14 +8,8 @@
 require_once(__ROOT__ . "php/inc/database.php");
 require_once(__ROOT__ . "php/utilities/general.php");
 
-
-
-if (!isset($_SESSION)) {
-    session_start();
- }
- 
-
 try{
+    validate_session(); // The user must be logged in.
 
     switch ($_REQUEST['oper']) {
 
diff --git a/php/ctrl/Report.php b/php/ctrl/Report.php
index 79f05143..25444fb1 100644
--- a/php/ctrl/Report.php
+++ b/php/ctrl/Report.php
@@ -6,12 +6,8 @@
 require_once(__ROOT__ . "php/inc/database.php");
 require_once(__ROOT__ . "php/utilities/general.php");
 
-
-if (!isset($_SESSION)) {
-    session_start();
-}
-
 try{
+    validate_session(); // The user must be logged in.
 
     switch (get_param('oper')) {
     	
diff --git a/php/ctrl/Shop.php b/php/ctrl/Shop.php
index 0499f408..2c864d48 100644
--- a/php/ctrl/Shop.php
+++ b/php/ctrl/Shop.php
@@ -7,11 +7,8 @@
 require_once(__ROOT__ . "php/utilities/general.php");
 require_once(__ROOT__ . "php/utilities/shop.php");
 
-if (!isset($_SESSION)) {
-    session_start();
-}
-
 try{
+    validate_session(); // The user must be logged in.
 
     switch (get_param('oper')) {
     	
diff --git a/php/ctrl/ShopAndOrder.php b/php/ctrl/ShopAndOrder.php
index e4796de9..6fb42cd4 100644
--- a/php/ctrl/ShopAndOrder.php
+++ b/php/ctrl/ShopAndOrder.php
@@ -9,17 +9,10 @@
 require_once(__ROOT__ . "php/utilities/general.php");
 require_once(__ROOT__ . "php/utilities/shop_and_order.php");
 
-
-
-
-if (!isset($_SESSION)) {
-    session_start();
-}
-
 DBWrap::get_instance()->debug = true;
 
 try{
-	
+	validate_session(); // The user must be logged in.
 	
     // first we process those requests that don't need to construct a cart manager
     switch (get_param('oper')) {
@@ -108,17 +101,17 @@
     switch (get_param('what', $default='')) {
 	    case 'Shop':
 	        require_once(__ROOT__ . "php/lib/shop_cart_manager.php");
-	        $cm = new shop_cart_manager($_SESSION['userdata']['uf_id'], get_param('date')); 
+	        $cm = new shop_cart_manager(get_session_uf_id(), get_param('date')); 
 	        break;
 	      
 	    case 'Order':
 	        require_once(__ROOT__ . "php/lib/order_cart_manager.php");
-	        $cm = new order_cart_manager($_SESSION['userdata']['uf_id'], get_param('date')); 
+	        $cm = new order_cart_manager(get_session_uf_id(), get_param('date')); 
 	        break;
 	      
 	    case 'favorite_order':
 	        require_once(__ROOT__ . "php/lib/favorite_order_cart_manager.php");
-	        $cm = new favorite_order_cart_manager($_SESSION['userdata']['uf_id'], get_param('name')); 
+	        $cm = new favorite_order_cart_manager(get_session_uf_id(), get_param('name')); 
 	        break;
 	      
 	    default:
diff --git a/php/ctrl/SmallQ.php b/php/ctrl/SmallQ.php
index 88c74f23..9f2df654 100644
--- a/php/ctrl/SmallQ.php
+++ b/php/ctrl/SmallQ.php
@@ -9,14 +9,12 @@
 require_once(__ROOT__ . "php/utilities/general.php");
 require_once(__ROOT__ . 'local_config/lang/'.get_session_language() . '.php');
 
-if (!isset($_SESSION)) {
-    session_start();
- }
 
 global $Text; 
 
 try{
-
+    validate_session(); // The user must be logged in.
+    
     switch ($_REQUEST['oper']) {
 
 	    case 'configMenu':
@@ -40,7 +38,7 @@
 	        printXML(existing_languages_XML());
 	        exit;
 	        
-	    //returns a list of all active providers for shopping (ony name and id). 
+	    //returns a list of all active providers for shopping (only name and id). 
 		case 'getActiveProviders':
 			printXML(stored_query_XML_fields('get_all_active_providers'));
 			exit;
diff --git a/php/ctrl/Statistics.php b/php/ctrl/Statistics.php
index eeeb4c76..8495937b 100644
--- a/php/ctrl/Statistics.php
+++ b/php/ctrl/Statistics.php
@@ -6,19 +6,10 @@
 
 require_once(__ROOT__ . "php/utilities/statistics.php");
 require_once(__ROOT__ . "php/utilities/visualization.php");
-
-
-$use_session_cache = true; 
-// This controls if the table_manager objects are stored in $_SESSION or not.
-// It looks like doing it cuts down considerably on execution time.
-
-if (!isset($_SESSION)) {
-    session_start();
- }
-
-//DBWrap::get_instance()->debug = true;
+require_once __ROOT__ . "php/utilities/general.php";
 
 try{
+    validate_session(); // The user must be logged in.
     
     switch ($_REQUEST['oper']) {
 	    case 'uf':
diff --git a/php/ctrl/TableManager.php b/php/ctrl/TableManager.php
index a2d92064..68ef8b22 100644
--- a/php/ctrl/TableManager.php
+++ b/php/ctrl/TableManager.php
@@ -7,19 +7,9 @@
 require_once(__ROOT__ . "php/inc/database.php");
 require_once(__ROOT__ . "php/utilities/general.php");
 
-if (!isset($_SESSION)) {
-    session_start();
- }
-
-              
 require_once(__ROOT__ . 'local_config/lang/' . get_session_language() . '.php');
 require_once(__ROOT__ . "php/utilities/tables.php");
 
-$use_session_cache = configuration_vars::get_instance()->use_session_cache;
-$use_canned_responses = configuration_vars::get_instance()->use_canned_responses;
-
-
-
 function get_columns_as_JSON()
 {
   global $special_table;
@@ -46,7 +36,8 @@ function get_options()
     if (strlen($options['filter'])>0) {
       $options['filter'] .= ' and ';
     }
-    $uf_id = 1000 + (int)($_SESSION['userdata']['uf_id']);
+    
+    $uf_id = 1000 + (int)(get_session_uf_id());
     $options['filter'] .= "aixada_account.account_id=$uf_id";
     // we do this here so that the user can't hijack other users' account data 
     //by mangling the request in the browser
@@ -123,7 +114,7 @@ function post_edit_hook($request)
 	$db = DBWrap::get_instance();
 	$row = $db->Execute("select current_price from aixada_price where product_id=:1", $request['id'])->fetch_array();
 	if ($row[0] != $request['unit_price']) {
-	    $db->Execute("insert into aixada_price (product_id, current_price, operator_id) values (:1, :2, :3);", $request['id'], $request['unit_price'], $_SESSION['userdata']['user_id']);
+	    $db->Execute("insert into aixada_price (product_id, current_price, operator_id) values (:1, :2, :3);", $request['id'], $request['unit_price'], get_session_user_id());
 	}
 	break;
     default:
@@ -135,7 +126,7 @@ function post_create_hook($index, $request)
 {
     switch ($request['table']) {
     case 'aixada_product': 
-	DBWrap::get_instance()->Execute("insert into aixada_price (product_id, current_price, operator_id) values (:1, :2, :3);", $index, $request['unit_price'], $_SESSION['userdata']['user_id']);
+	DBWrap::get_instance()->Execute("insert into aixada_price (product_id, current_price, operator_id) values (:1, :2, :3);", $index, $request['unit_price'], get_session_user_id());
 	break;
     default:
 	break;
@@ -146,6 +137,8 @@ function post_create_hook($index, $request)
 
 
 try{
+  validate_session(); // The user must be logged in.
+  
   $special_table = ($_REQUEST['table'] == "aixada_user");
 
   if (!isset($_REQUEST['oper']))
@@ -186,8 +179,7 @@ function post_create_hook($index, $request)
 
   require_once(__ROOT__ . 'php/lib/table_manager.php');
   if (!$special_table)
-    $tm = new table_manager($_REQUEST['table'], 
-			    configuration_vars::get_instance()->use_session_cache);
+    $tm = new table_manager($_REQUEST['table']);
 
   switch ($_REQUEST['oper']) {
   case 'get_by_id':
diff --git a/php/ctrl/UserAndUf.php b/php/ctrl/UserAndUf.php
index 96237a18..4fb1a69b 100644
--- a/php/ctrl/UserAndUf.php
+++ b/php/ctrl/UserAndUf.php
@@ -8,14 +8,8 @@
 require_once(__ROOT__ . "php/utilities/general.php");
 require_once(__ROOT__ . "php/utilities/useruf.php");
 
-
-if (!isset($_SESSION)) {
-    session_start();
- }
-
-
 try{
-   
+  validate_session(); // The user must be logged in.
 
   switch ($_REQUEST['oper']) {
   	    
diff --git a/php/ctrl/Validate.php b/php/ctrl/Validate.php
index 4aa6137f..9864079d 100644
--- a/php/ctrl/Validate.php
+++ b/php/ctrl/Validate.php
@@ -10,16 +10,10 @@
 require_once(__ROOT__ . "php/utilities/shop_and_order.php");
 require_once(__ROOT__ . "php/lib/validation_cart_manager.php");
 
-$use_session_cache = configuration_vars::get_instance()->use_session_cache;
-
-if (!isset($_SESSION)) {
-    session_start();
- }
-
 DBWrap::get_instance()->debug = true;
 
 try{
-
+  validate_session(); // The user must be logged in.
 	
   switch (get_param('oper')) {
 
diff --git a/php/inc/cookie.inc.php b/php/inc/cookie.inc.php
deleted file mode 100644
index 6cc03d79..00000000
--- a/php/inc/cookie.inc.php
+++ /dev/null
@@ -1,285 +0,0 @@
-<?php
-/** 
- * @package Aixada
- */ 
-
-require_once(__ROOT__ . 'php'.DS.'lib'.DS.'exceptions.php');
-require_once(__ROOT__ . 'php'.DS.'inc'.DS.'database.php');
-
-if (!isset($_SESSION)) {
-    session_start();
-}
-
-
-
-/**
- * The following class implements cookies, based on an
- * implementation from George Schlossnagle, Advanced PHP Programming, p.341
- *
- * @param int $user_id stores the unique user id
- * @param int $uf_id stores the associated uf identifier, or empty
- * @param int $member_id stores the associated member identifier, or empty
- * @param int $provider_id stores the associated provider identifier, or empty
- * @param array $roles stores the associated role identifiers
- * @param string $current_role stores the current role
- * @param string $language stores the current language
- *
- * @package Aixada
- * @subpackage Authentication
- */
-
-
-class Cookie {
-  // Aixada data
-  private $logged_in = false;
-  private $user_id;
-  private $login;
-  private $uf_id; 
-  private $member_id; 
-  private $provider_id;
-  private $roles;
-  private $current_role;
-  private $language_keys;
-  private $language_names;
-  private $current_language_key;
-  private $theme; 
-
-  // Cookie data
-  private $created;
-  private $version;
-  // the mcrypt handle
-  private $td;
-
-  // mcrypt information
-  static $cypher  = 'blowfish';
-  static $mode    = 'cfb';
-  static $key     = 'aIxAdA947AiXaDa';
-
-  // cookie format information
-  static $cookiename = 'USERAUTH';
-  static $myversion  = '1';
-  // when to expire the cookie
-  static $expiration = '6000';
-  // when to reissue 
-  static $resettime = '3000';
-  static $glue  = '|';
-  static $array_glue = '~';
-
-  public function __construct($logged_in=false, 
-                              $user_id=false, 
-                              $login = false, 
-                              $uf_id=false, 
-                              $member_id=false, 
-                              $provider_id=false, 
-                              $roles=false, 
-                              $current_role=false, 
-                              $language_keys=false, 
-                              $language_names=false, 
-                              $current_language_key=false, 
-                              $theme=false) {
-      $this->td = mcrypt_module_open(self::$cypher, '', self::$mode, '');
-      if (!$this->td) 
-	  die("<br>Error in opening mcrypt with cypher=".self::$cypher .", mode=".self::$mode."<br>");
-      if ($logged_in) {
-		  $this->logged_in = true;
-		  $this->user_id = $user_id;
-		  $this->login = $login;
-		  $this->uf_id = $uf_id; 
-		  $this->member_id = $member_id; 
-		  $this->provider_id = $provider_id;
-		  $this->roles = $roles;
-		  $this->current_role = $current_role;
-		  $this->language_keys = $language_keys;
-		  $this->language_names = $language_names;
-		  $this->current_language_key = $current_language_key;
-		  $this->theme = $theme;
-		  return;
-      } else {
-		  if (array_key_exists(self::$cookiename, $_COOKIE)) {
-		      $buffer = $this->_unpackage($_COOKIE[self::$cookiename]);
-		  } else {
-		      var_dump($_COOKIE);
-		      throw new AuthException("Bad cookie");
-		  }
-      }
-  }
-
-  /**
-   * This function packages, encrypts and sets the cookie. Moreover,
-   * it copies all relevant data into $_SESSION['userdata'] 
-   */
-  public function set() {
-      $cookie = $this->package();
-      $userdata=array('user_id'      => $this->user_id, 
-		      'login'         => $this->login, 
-		      'uf_id'        => $this->uf_id, 
-		      'member_id'    => $this->member_id, 
-		      'provider_id'  => $this->provider_id,
-		      'roles'   => $this->roles,
-		      'current_role' => $this->current_role,
-		      'language_keys' => $this->language_keys,
-		      'language_names' => $this->language_names,
-		      'language' => $this->current_language_key,
-		      'theme' => $this->theme);
-      $_SESSION['userdata'] = $userdata;
-      $_COOKIE[self::$cookiename] = $cookie;
-      //      setcookie(self::$cookiename, $cookie); 
-      //  don't do this, because it leads to a duplicate cookie.
-  }
-
-  /**
-   * Is the cookie ok? If the cookie is older than $resettime, it is
-   * reset. If the data in $_SESSION['userdata'] doesn't exist, it is
-   * also set.
-   */
-  public function validate() {
-    if (!$this->version || !$this->created || !$this->user_id) {
-      throw new AuthException("Malformed cookie");
-    }
-    if ($this->version != self::$myversion) {
-      throw new AuthException("Version mismatch");
-    }
-    if (!$this->logged_in) {
-        throw new AuthException("Not logged in");
-    }
-    if ((time() - $this->created) > self::$resettime) {
-      $this->set();
-    }
-    if (!isset($_SESSION['userdata'])) {
-        $userdata=array('logged_in'    => $this->logged_in,
-                        'user_id'      => $this->user_id, 
-                        'login'        => $this->login, 
-                        'uf_id'        => $this->uf_id, 
-                        'member_id'    => $this->member_id, 
-                        'provider_id'  => $this->provider_id,
-                        'roles'        => $this->roles,
-                        'current_role' => $this->current_role,
-                        'language_keys'     => $this->language_keys,
-                        'language_names'     => $this->language_names,
-                        'language' => $this->current_language_key,
-						'theme' => $this->theme);
-      $_SESSION['userdata'] = $userdata;
-    }
-  }
-
-
-  /**
-   * Call this function to change the role of a user. The information
-   * is written to the cookie and to $_SESSION['userdata'].
-   */
-  public function change_role($new_role) {
-      $this->current_role   = $new_role;
-      $_SESSION['userdata']['current_role']   = $this->current_role;
-      $this->set();
-  }
-
-  /**
-   * Call this function to change the role of a user. The information
-   * is written to the cookie and to $_SESSION['userdata'].
-   */
-  public function change_language($new_language_key) {
-      $this->current_language_key = $new_language_key;
-      $_SESSION['userdata']['language'] = $this->current_language_key;
-      $this->set();
-  }
-
-  public function logout() {
-    unset($_SESSION['userdata']);
-    unset($_COOKIE[self::$cookiename]);
-    setcookie(self::$cookiename, '', time() - 3600);
-    /* $this->logged_in = false; */
-    /* $this->user_id=false;  */
-    /* $this->login = false;  */
-    /* $this->uf_id=false;  */
-    /* $this->member_id=false;  */
-    /* $this->provider_id=false;  */
-    /* $this->roles=false;  */
-    /* $this->current_role=false;  */
-    /* $this->language_keys=false;  */
-    /* $this->language_names=false;  */
-    /* $this->current_language_key=false;  */
-    /* $this->theme=false; */
-
-    /* $this->set(); */
-  }
-
-  /**
-   *  Package the cookie. 
-   */
-  public function package() {
-      if ($this->logged_in) {
-	  $parts = array(self::$myversion, 
-			 time(), 
-			 $this->logged_in,
-			 $this->user_id, 
-			 $this->login,
-			 $this->uf_id, 
-			 $this->member_id, 
-			 $this->provider_id,
-			 implode(self::$array_glue, $this->roles),
-			 $this->current_role,
-			 implode(self::$array_glue, $this->language_keys),
-			 implode(self::$array_glue, $this->language_names),
-			 $this->current_language_key,
-			 $this->theme);
-	  $cookie = implode(self::$glue, $parts);
-      } else {
-	  $cookie = 'x';
-      }
-      return urlencode($this->_encrypt($cookie));
-  }
-
-  private function _unpackage($cookie) {
-      if ($cookie == '') {
-	  $this->logout();
-	  return;
-      }
-      $buffer = $this->_decrypt(urldecode($cookie));
-      list($this->version, 
-	   $this->created, 
-	   $this->logged_in,
-	   $this->user_id, 
-	   $this->login,
-	   $this->uf_id, 
-	   $this->member_id, 
-	   $this->provider_id, 
-	   $role_array,
-	   $this->current_role,
-	   $lang_key_array,
-	   $lang_name_array,
-	   $this->current_language_key,
-	   $this->theme) = explode(self::$glue, $buffer);
-        
-      $this->roles = explode(self::$array_glue, $role_array);
-      $this->language_keys = explode(self::$array_glue, $lang_key_array);
-      $this->language_names = explode(self::$array_glue, $lang_name_array);
-      if ($this->version != self::$myversion || !$this->created || ! $this->user_id) {
-	  throw new AuthException();
-      }
-  }
-
-  protected function _encrypt($plaintext) {
-      $iv = mcrypt_create_iv(mcrypt_enc_get_iv_size($this->td), MCRYPT_RAND);
-      if (!$iv) throw new AuthException("error in iv ");
-      mcrypt_generic_init($this->td, self::$key, $iv);
-      $crypttext = mcrypt_generic($this->td, $plaintext);
-      mcrypt_generic_deinit($this->td);
-      return $iv.$crypttext;
-  }
-
-  protected function _decrypt($crypttext) {
-      $ivsize = mcrypt_enc_get_iv_size($this->td);
-      $iv = substr($crypttext, 0, $ivsize);
-      $subtext = substr($crypttext, $ivsize);
-      mcrypt_generic_init($this->td, self::$key, $iv);
-      $plaintext = mdecrypt_generic ($this->td, $subtext);
-      mcrypt_generic_deinit($this->td);
-      return $plaintext;
-  }
-
-  private function _reissue() {
-      $this->created = time();
-  }
-
-}
-?>
\ No newline at end of file
diff --git a/php/inc/database.php b/php/inc/database.php
index 301311bf..2c1dd73c 100644
--- a/php/inc/database.php
+++ b/php/inc/database.php
@@ -19,11 +19,6 @@
 require_once(__ROOT__ . 'php'.DS.'utilities'.DS.'general.php');
 require_once(__ROOT__ . 'php'.DS.'lib'.DS.'exceptions.php');
 
-if (!isset($_SESSION)) {
-    session_start();
- }
-
-
 require_once(__ROOT__ . 'local_config'.DS.'lang'.DS. get_session_language() . '.php');
 
 
@@ -307,8 +302,6 @@ public function Insert ($arrData)
 	  }
       }
       $strSQL .= ') ' . $strVAL . ');';
-      if (isset($_SESSION['fkeys'][$table_name]))
-	  unset($_SESSION['fkeys'][$table_name]);
       return $this->do_Execute($strSQL); // TODO: extract new index
   }
 
@@ -343,8 +336,6 @@ public function Update($arrData)
 	  }
       }
       $strSQL .= ' WHERE id=' . $this->mysqli->real_escape_string($arrData['id']) . ';';
-      if (isset($_SESSION['fkeys'][$table_name]))
-	  unset($_SESSION['fkeys'][$table_name]);
       
       $success = $this->do_Execute($strSQL);
     
diff --git a/php/inc/header.inc.base.php b/php/inc/header.inc.base.php
index 059aa614..f9397a49 100644
--- a/php/inc/header.inc.base.php
+++ b/php/inc/header.inc.base.php
@@ -5,8 +5,6 @@
 }
 
 require_once("header.inc.version.php"); // To obtain: $aixada_vesion_lastDate
-require_once(__ROOT__ . 'php'.DS.'inc'.DS.'cookie.inc.php');
-//require_once(__ROOT__ . 'php'.DS.'lib'.DS.'exceptions.php'); Is required by 'cookie.inc.php'
 require_once(__ROOT__ . 'local_config'.DS.'config.php');
 require_once(__ROOT__ . 'php'.DS.'utilities'.DS.'general.php');
 
@@ -31,7 +29,9 @@ function aixada_js_src($useMenus = true, $rootJs = '') {
     }
     $src .= "
         <script src=\"{$rootJs}js/aixadautilities/jquery.aixadaXML2HTML.js?v={$aixada_vesion_lastDate}\"></script>
-        <script src=\"{$rootJs}js/aixadautilities/jquery.aixadaUtilities.js?v={$aixada_vesion_lastDate}\"></script>";
+        <script src=\"{$rootJs}js/aixadautilities/jquery.aixadaUtilities.js?v={$aixada_vesion_lastDate}\"></script>
+        <script src=\"{$rootJs}js/aixadautilities/i18n/aixadaUtilities-" . get_session_language() . 
+            ".js?v={$aixada_vesion_lastDate}\"></script>";
     if (get_config('use_ajaxQueue')) {
         $src .= "
         <script src=\"{$rootJs}js/jquery-ajaxQueue/jQuery.ajaxQueue.js?v={$aixada_vesion_lastDate}\"></script>";
diff --git a/php/inc/header.inc.php b/php/inc/header.inc.php
index ff1afcce..cbca3683 100644
--- a/php/inc/header.inc.php
+++ b/php/inc/header.inc.php
@@ -9,14 +9,9 @@
 $tpl_print_incidents = configuration_vars::get_instance()->print_incidents_template;
 
    try {
-       $cookie = new Cookie();
-       $cookie->validate();
-       if (isset($_SESSION['userdata']) 
-	   and isset($_SESSION['userdata']['current_role']) 
-	   and $_SESSION['userdata']['current_role'] !== false) {
 	   $fp = configuration_vars::get_instance()->forbidden_pages;
 	   $uri = $_SERVER['REQUEST_URI'];
-	   $role = $_SESSION['userdata']['current_role'];
+	   $role = get_current_role();
 	   $forbidden = false;
 	   foreach($fp[$role] as $page) {
 	       if (strpos($uri, $page) !== false) {
@@ -25,18 +20,10 @@
 	       }
 	   }
 	   if ($forbidden) {
-	       /* $firephp->log('forbidden'); */
-	       /* $firephp->log($uri, 'uri'); */
-	       /* $firephp->log($role, 'role'); */
-	       /* $firephp->log($_SESSION, 'session'); */
-	       /* $firephp->log($_SERVER, 'server'); */
 	       header("Location: index.php");
 	   }
-     }
-     
    }   
    catch (AuthException $e) {
-       //       var_dump($_COOKIE);
      echo("caught AuthException: $e");
      header("Location: login.php?originating_uri=".$_SERVER['REQUEST_URI']);
      exit;
diff --git a/php/inc/header.inc.version.php b/php/inc/header.inc.version.php
index bd0f54cf..a45b47e4 100644
--- a/php/inc/header.inc.version.php
+++ b/php/inc/header.inc.version.php
@@ -4,4 +4,4 @@
  * Do not edit it, but instead run
  * php make_canned_responses.php
  */
-$aixada_vesion_lastDate = '20170304_234636';
+$aixada_vesion_lastDate = '20181210_140125';
diff --git a/php/inc/menu.inc.php b/php/inc/menu.inc.php
index 860db6f7..07ee9a0c 100644
--- a/php/inc/menu.inc.php
+++ b/php/inc/menu.inc.php
@@ -1,49 +1,52 @@
 <div id="logonStatus">
 	<p class="ui-widget">
-		<?php 
+<?php 
+    if (is_created_session()) {
+        // Help
+        echo '<a href="docs/index_' . get_session_language() . '.php" target="_blank">' .
+            $Text['nav_help'] . '</a> | ';	
+        
+        // Login name and uf_id
+        echo  $Text['nav_signedIn'] . " " . get_session_value('login'). 
+            " | " . $Text['uf_long'] . ' ' . get_session_value('uf_id') .
+            " | " . get_session_value('provider_id');
+        
+        // Select rol
+        echo '<select size="0" name="role_select" id="role_select">';
+        foreach (get_session_value('roles') as $role) {
+            echo '<option';
+            $rt = (isset($Text[$role]) ? $Text[$role] : "TRANSLATE[$role]");
+            if ($role == get_current_role()) {
+                echo ' selected';
+            }
+            echo ' value="' . $role. '">' . $rt . '</option>'; 
+        } 
+        echo '</select> ';
 
-   	if ($_SESSION['userdata']['login'] != '') {
+        // Select lang
+        $cfg_use_shop = get_config('use_shop', 'order_and_stock');
+        if (get_config('show_menu_language_select', false)) {
+            echo '<select size="0" name="lang_select" id="lang_select">';
+            $keys = get_session_value('language_keys');
+            $names = get_session_value('language_names');
+            for ($i=0; $i < count($keys); $i++) {
+                echo '<option';
+                if ($keys[$i] == get_session_value('language')) {
+                    echo ' selected';
+                }
+                echo ' value="' . $keys[$i]. '">' . $names[$i] . '</option>'; 
+            } 
+            echo '</select> ';
+        }
+        echo " | ";
 
-   		echo '<a href="docs/index_'.get_session_language().'.php" target="_blank">'.$Text['nav_help'].'</a> | ';	
-   	if (isset($_SESSION['userdata']['can_checkout']) and
-           $_SESSION['userdata']['can_checkout']) {
-           echo '<font color="red">' . $Text['nav_can_checkout'] . '</font> ';
-       }
-     echo  $Text['nav_signedIn'] . " " . $_SESSION['userdata']['login'] . " | "
-       . $Text['uf_long'] . ' ' . $_SESSION['userdata']['uf_id'] . " | " 
-       . $_SESSION['userdata']['provider_id'];
-     echo '<select size="0" name="role_select" id="role_select">';
-     foreach ($_SESSION['userdata']['roles'] as $role) {
-       echo '<option';
-       $rt = (isset($Text[$role]) ? $Text[$role] : "TRANSLATE[$role]");
-       if ($role == $_SESSION['userdata']['current_role'])
-	 echo ' selected';
-       echo ' value="' . $role. '">' . $rt . '</option>'; 
-     } 
-     echo '</select> ';
-     
-     $cfg_use_shop = get_config('use_shop', 'order_and_stock');
-     if (get_config('show_menu_language_select', false)) {
-	     echo '<select size="0" name="lang_select" id="lang_select">';
-	       $keys = $_SESSION['userdata']['language_keys'];
-	       $names = $_SESSION['userdata']['language_names'];
-	       for ($i=0; $i < count($keys); $i++) {
-	           echo '<option';
-	           if ($keys[$i] == $_SESSION['userdata']['language'])
-	               echo ' selected';
-	           echo ' value="' . $keys[$i]. '">' . $names[$i] . '</option>'; 
-	       } 
-	     echo '</select> ';
-     }
-       echo " | ";
-      
-      
-	 echo "<a href='javascript:void(null)' id='logoutRef'>".$Text['nav_logout']."</a>";
- 
-   } else {
-     echo ("userdata not set");
-     header('Location:login.php');
-   }
+        // logout
+        echo "<a href='javascript:void(null)' id='logoutRef'>" .
+            $Text['nav_logout'] . "</a>";
+    } else {
+        echo "userdata not set";
+        header('Location:login.php');
+    }
 
 ?>
 	</p>
@@ -72,7 +75,7 @@
 			<ul>
 			<li>
             <?php 
-            	if($_SESSION['userdata']['current_role'] == 'Hacker Commission') {
+            	if (get_current_role() == 'Hacker Commission') {
      				echo '<a href="activate_all_roles.php">';
  				} else {
      				echo '<a href="activate_roles.php">';
diff --git a/php/lib/report_manager.php b/php/lib/report_manager.php
index 36633b41..20b73650 100644
--- a/php/lib/report_manager.php
+++ b/php/lib/report_manager.php
@@ -9,10 +9,6 @@
 require_once(__ROOT__ . 'local_config/config.php');
 require_once(__ROOT__ . 'php'.DS.'utilities'.DS.'general.php');
 
-if (!isset($_SESSION)) {
-    session_start();
- }
-
 require_once(__ROOT__ . 'local_config'.DS.'lang'.DS. get_session_language() . '.php');
 require_once(__ROOT__ . 'php/inc/database.php');
 
diff --git a/php/lib/report_orders.php b/php/lib/report_orders.php
index 71425b5c..d455652f 100644
--- a/php/lib/report_orders.php
+++ b/php/lib/report_orders.php
@@ -4,9 +4,6 @@
  */
 require_once(__ROOT__ . 'local_config/config.php');
 require_once(__ROOT__ . 'php/utilities/general.php');
-if (!isset($_SESSION)) {
-    session_start();
-}
 require_once(__ROOT__ . 'local_config/lang/' . get_session_language() . '.php');
 require_once(__ROOT__ . 'php/inc/database.php');
 
diff --git a/php/utilities/general.php b/php/utilities/general.php
index 98a2415d..6f9be02c 100644
--- a/php/utilities/general.php
+++ b/php/utilities/general.php
@@ -4,100 +4,196 @@
 require_once(__ROOT__ . 'local_config'.DS.'config.php');
 
 /**
- * 
+ * Creates a Aixada session of the user.
+ */
+function create_session(
+        $user_id, 
+        $login, 
+        $uf_id, 
+        $member_id, 
+        $provider_id, 
+        $roles, 
+        $current_role, 
+        $language_keys, 
+        $language_names, 
+        $current_language_key, 
+        $theme
+    ) {
+    load_session();
+    $_SESSION['userdata'] = array(
+        'user_id' => $user_id,
+        'login' => $login,
+        'uf_id' => $uf_id, 
+        'member_id' => $member_id, 
+        'provider_id' => $provider_id,
+        'roles' => $roles,
+        'current_role' => $current_role,
+        'language_keys' => $language_keys,
+        'language_names' => $language_names,
+        'language' => $current_language_key,
+        'theme' => $theme,
+        'cli_addr' => $_SERVER['REMOTE_ADDR'],
+        'cli_agent' => $_SERVER['HTTP_USER_AGENT'],
+        't_created' => time(),
+        't_saved' => time()
+    );
+    save_session();
+} 
+
+/**
+ * Load php session if is not yet loaded.
+ */
+function load_session() {
+    if (!isset($_SESSION)) {
+         session_start();
+    }
+}
+
+/**
+ * Determines if the Aixada session of the user exist, returns true/false
+ */
+function is_created_session() {
+    load_session();
+    return isset($_SESSION['userdata']);
+}
+
+/**
+ * Logout Aixada session destroying php session.
+ */
+function logout_session() {
+    load_session();
+    session_regenerate_id(true);
+    session_unset();
+    session_destroy();
+}
+
+/**
+ * Save Aixada session (only used in this general.php)
+ */
+function save_session() {
+    $_SESSION['userdata']['t_saved'] = time();
+    session_commit();
+}
+
+/**
+ * Validate the Aixada session, throw error if the user is not logged in.
+ */
+function validate_session() {
+    load_session();
+    if (!isset($_SESSION['userdata'])) {
+        throw new AuthException("Not logged in");
+    }
+    // For compatibility with old versions the creation tate is forced if it does not exist.
+    if (!isset($_SESSION['userdata']['t_saved'])) {
+        $_SESSION['userdata']['t_saved'] = time();
+        $_SESSION['userdata']['cli_addr'] = $_SERVER['REMOTE_ADDR'];
+        $_SESSION['userdata']['cli_agent'] = $_SERVER['HTTP_USER_AGENT'];
+    }
+
+    // Check if the session is still valid.
+    if ((time() - $_SESSION['userdata']['t_saved']) > 30 * 86400 || // More than 30 days inactive
+        $_SESSION['userdata']['cli_addr'] !== $_SERVER['REMOTE_ADDR'] || // Client IP address is changed
+        $_SESSION['userdata']['cli_agent'] !== $_SERVER['HTTP_USER_AGENT'] // Client browser is changed
+    ) {
+        logout_session();
+        throw new AuthException("Not logged in");
+    } 
+    if ((time() - $_SESSION['userdata']['t_saved']) > 15 * 60) { // > 15 min
+        save_session();
+        load_session();
+    }
+}
+
+/**
+ * Returns a value of the Aixada session, throw error if is not logged in.
+ */
+function get_session_value($name) {
+    validate_session();
+    return $_SESSION['userdata'][$name];
+}
+
+/**
  * Returns the user_id of the logged user; wraps a check around this, in order to make sure
  * the value is set. 
  */
 function get_session_user_id() {
-	
-	if (isset($_SESSION['userdata']['user_id']) && $_SESSION['userdata']['user_id'] > 0 ) {
-		return $_SESSION['userdata']['user_id'];
-	} else {
-		throw new Exception("$_Session data user_id is not set!! ");
-	}
+    return get_session_value('user_id');
 }
 
-
 /**
- * 
  * returns the uf of the logged user. 
  */
 function get_session_uf_id() {
-	
-	if (isset($_SESSION['userdata']['uf_id']) && $_SESSION['userdata']['uf_id'] > 0 ) {
-		return $_SESSION['userdata']['uf_id'];
-	} else {
-		throw new Exception("$_Session data uf_id is not set!! ");
-	}
+    return get_session_value('uf_id');
 }
 
-
 /**
- * 
  * Returns the member_id of the logged user. 
  */
 function get_session_member_id() {
-	
-	if (isset($_SESSION['userdata']['member_id']) && $_SESSION['userdata']['member_id'] > 0 ) {
-		return $_SESSION['userdata']['member_id'];
-	} else {
-		throw new Exception("$_Session data member_id is not set!! ");
-	}	
+    return get_session_value('member_id');
 }
 
 /**
- * 
  * Returns the login of the logged user. 
  */
 function get_session_login() {
-	
-	if (isset($_SESSION['userdata']['login']) && $_SESSION['userdata']['login'] != "") {
-		return $_SESSION['userdata']['login'];
-	} else {
-		throw new Exception("$_Session data login is not set!! ");
-	}	
+    return get_session_value('login');
 }
 
-
 /**
- * 
  * returns the language for the logged user
  */
 function get_session_language() {
-    if (isset($_SESSION['userdata']['language']) and $_SESSION['userdata']['language'] != '') {
-	return $_SESSION['userdata']['language'];
+    if (is_created_session()) {
+        return $_SESSION['userdata']['language'];
     } else {
-	return	configuration_vars::get_instance()->default_language;
+        return configuration_vars::get_instance()->default_language;
     }
 }
 
-
 /**
- * 
  * returns the theme for the logged user
  */
 function get_session_theme() {
-    if (isset($_SESSION['userdata']['theme']) and $_SESSION['userdata']['theme'] != '') {
+    if (is_created_session()) {
 		return $_SESSION['userdata']['theme'];
     } else {
 		return	configuration_vars::get_instance()->default_theme;
     }	 
 }
 
-
 /**
- * 
  * retrieves active role of the logged user
  */
 function get_current_role()
 {
-	 if (isset($_SESSION['userdata']['current_role']) and $_SESSION['userdata']['current_role'] != '') {
-		return $_SESSION['userdata']['current_role'];
-    } else {
-		return false; 
+    return get_session_value('current_role'); 
+}
+
+/**
+* Changes the role of a user. Information is written to $_SESSION['userdata'].
+*/
+function change_session_role($new_role) {
+    validate_session();
+    if (!in_array($new_role, $_SESSION['userdata']['roles'])) {
+        throw new AuthException("Not logged in role");
     }
+    $_SESSION['userdata']['current_role'] = $new_role;
+    save_session();
 }
 
+/**
+* Changes the language of a user. Information is written to $_SESSION['userdata'].
+*/
+function change_session_language($new_language_key) {
+    validate_session();
+    if (!in_array($new_language_key, $_SESSION['userdata']['language_keys'])) {
+        throw new AuthException("Language is not valid");
+    }
+    $_SESSION['userdata']['language'] = $new_language_key;
+    save_session();
+}
 
 /**
  *