sub load_session {
    my $self = shift;
    my $sid = shift;
    return undef unless $sid;

    ##########
    #
    # Grab a valid matching session, assuming it hasn't expired yet.
    #
    my $dbh = $self->_db_handle();
    my $sth = $dbh->prepare("SELECT * FROM mapps_sessions WHERE sid=? AND expires > NOW()");
    unless ($sth->execute($sid) && $sth->rows()) {
        return undef;
    }
    my $row = $sth->fetchrow_hashref;
    return undef unless $row;

    # thaw the data and make it accessable.
    $self->{data} = thaw($row->{data});
    $self->{uid} = $row->{uid};

    ##########
    #
    # Update it to be sure it doesn't expire.
    # FIXME: should this be done in the script
    # or in another handler?
    #
    my $s = $self->update_session($sid);
    unless ($s) {
        return undef;
    }
    return $self->{data}->{uid};
    return undef;
}

##</code><code>##

use strict;
use warnings;

use lib "/usr/local/apache/virtual/itiv/modules";
use Mapps::Session;
use Mapps::Auth;

####################
# Get current session
# and check for expiry

my $sid;

# get session id from cookie
my $cookies = Apache::Cookie->fetch();
if ($cookies->{license_session}) {
    $sid =  $cookies->{license_session}->value();

    # load session from db
    my $s = Mapps::Session->new();
    $s->load_session($sid);

    # session is good continue
    if (defined $s){
        $m->call_next;
    }
# Else session is undefined
# or cookie does not exist.
# Delete cookie and
# redirect to login.
}else{
    # set cookie
    Apache::Cookie->new( $r,
        name => 'license_session',
        value => '',
        path => '/',
    )->bake;
    my $url = $m->comp('/login.html', msg=>"Invalid session or cookie");
    print "$url\n\n";
}