diff --git a/Global.h b/Global.h
index b60924f..da6693f 100644
--- a/Global.h
+++ b/Global.h
@@ -32,6 +32,7 @@ namespace  jet {
       std::map<coreutils::MString, coreutils::MString> tags;
       char **envp;
       bool cgi = false;
+      bool session = false;
       
    };
 
diff --git a/__jet.cpp b/__jet.cpp
index 60b789e..64e0fd1 100644
--- a/__jet.cpp
+++ b/__jet.cpp
@@ -9,15 +9,32 @@ namespace jet {
       if(keywordDefined("cgi") && (resolveKeyword("cgi") == "true")) {
 	 global.cgi = true;
 
+	 cookies = getenv("HTTP_COOKIE");
+	 
 	 if(keywordDefined("sessiondir")) {
-	      
+	    global.session = true;
 //	    if request_has_cookie then
 //	      pull sessionfile from sessiondir.
+//	      if last activity time is expired then ignore.
+//	      follow sessiontimeoutredirecturl.
 //	    else
 //	      generate new session id.
 //	      create session cookie in response.
-	      
-
+	    char hashit[64];
+	    char hash[32];
+	    sprintf(hashit, "JETSESSION%ld", time(0));
+	    SHA1(hashit, strlen(hashit), hash);
+	    sprintf(hashname, "%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
+		    hash[0], hash[1], hash[2], hash[3], hash[4], hash[5], hash[6], hash[7], hash[8], hash[9],
+		    hash[10], hash[11], hash[12], hash[13], hash[14], hash[15], hash[16], hash[17], hash[18], hash[19]);	                                                    
+	    coreutils::ZString sessionCookie(hash);
+	    global.headers[keywords["Set-Cookie"]] << "session=" << sessionCookie;
+	    if(keywordDefined("sessiontimeout")) {
+	       time_t timeout = time(0) + keywords["sessiontimeout"].asInteger();
+	    }
+	    
+//                 also save last activity time in session file.
+	    
 	 }
 	 	 
 	 coreutils::ZString requestMethod(getenv("REQUEST_METHOD"));