From 23e91f0b477533375a0a6acec04fe02367ab5bda Mon Sep 17 00:00:00 2001
From: Bui Sy Nguyen <nguyenbs@projectkit.net>
Date: Fri, 22 Jan 2016 14:23:15 +0700
Subject: [PATCH] Implement #6: remove Zend_Session** class and use
 fproject\amf\session\** classes instead

---
 fproject/Zend/Amf/Server.php                  |  10 +-
 fproject/Zend/Loader/Autoloader/Interface.php |  43 -
 fproject/Zend/Session/Exception.php           |  74 --
 .../Zend/Session/SaveHandler/Interface.php    |  81 --
 fproject/Zend/Session/Validator/Interface.php |  52 --
 fproject/amf/session/Session.php              | 850 ++++++++++++++++++
 .../session/SessionAbstract.php}              |  77 +-
 fproject/amf/session/SessionException.php     |  65 ++
 .../session/SessionNamespace.php}             | 190 ++--
 .../session/SessionSaveHandlerInterface.php   |  70 ++
 .../amf/session/SessionValidatorInterface.php |  41 +
 tests/Zend/Amf/ServerTest.php                 |   7 +-
 12 files changed, 1114 insertions(+), 446 deletions(-)
 delete mode 100644 fproject/Zend/Loader/Autoloader/Interface.php
 delete mode 100644 fproject/Zend/Session/Exception.php
 delete mode 100644 fproject/Zend/Session/SaveHandler/Interface.php
 delete mode 100644 fproject/Zend/Session/Validator/Interface.php
 create mode 100644 fproject/amf/session/Session.php
 rename fproject/{Zend/Session/Abstract.php => amf/session/SessionAbstract.php} (71%)
 create mode 100644 fproject/amf/session/SessionException.php
 rename fproject/{Zend/Session/Namespace.php => amf/session/SessionNamespace.php} (66%)
 create mode 100644 fproject/amf/session/SessionSaveHandlerInterface.php
 create mode 100644 fproject/amf/session/SessionValidatorInterface.php

diff --git a/fproject/Zend/Amf/Server.php b/fproject/Zend/Amf/Server.php
index 106cc9b..2f343bc 100644
--- a/fproject/Zend/Amf/Server.php
+++ b/fproject/Zend/Amf/Server.php
@@ -43,9 +43,6 @@
 /** @see Zend_Amf_Parse_TypeLoader */
 require_once 'Zend/Amf/Parse/TypeLoader.php';
 
-/** @see Zend_Auth */
-require_once 'Zend/Auth.php';
-
 use fproject\amf\auth\AuthAbstract;
 
 /**
@@ -213,7 +210,6 @@ public function isProduction()
      */
     public function setSession($namespace = 'Zend_Amf')
     {
-        require_once 'Zend/Session.php';
         $this->_session = true;
         return $this;
     }
@@ -255,7 +251,7 @@ protected function _checkAcl($object, $function)
             $class = null;
         }
 
-        $auth = Zend_Auth::getInstance();
+        $auth = \fproject\amf\auth\Auth::getInstance();
         if($auth->hasIdentity()) {
             $role = $auth->getIdentity()->role;
         } else {
@@ -407,7 +403,7 @@ protected function _loadCommandMessage(Zend_Amf_Value_Messaging_CommandMessage $
                 break;
            case Zend_Amf_Value_Messaging_CommandMessage::LOGOUT_OPERATION :
                 if($this->_auth) {
-                    Zend_Auth::getInstance()->clearIdentity();
+                    \fproject\amf\auth\Auth::getInstance()->clearIdentity();
                 }
                 $return = new Zend_Amf_Value_Messaging_AcknowledgeMessage($message);
                 break;
@@ -466,7 +462,7 @@ protected function _handleAuth( $userId,  $password)
             return true;
         }
         $this->_auth->setCredentials($userId, $password);
-        $auth = Zend_Auth::getInstance();
+        $auth = \fproject\amf\auth\Auth::getInstance();
         $result = $auth->authenticate($this->_auth);
         if ($result->isValid()) {
             if (!$this->isSession()) {
diff --git a/fproject/Zend/Loader/Autoloader/Interface.php b/fproject/Zend/Loader/Autoloader/Interface.php
deleted file mode 100644
index 768b734..0000000
--- a/fproject/Zend/Loader/Autoloader/Interface.php
+++ /dev/null
@@ -1,43 +0,0 @@
-<?php
-/**
- * Zend Framework
- *
- * LICENSE
- *
- * This source file is subject to the new BSD license that is bundled
- * with this package in the file LICENSE.txt.
- * It is also available through the world-wide-web at this URL:
- * http://framework.zend.com/license/new-bsd
- * If you did not receive a copy of the license and are unable to
- * obtain it through the world-wide-web, please send an email
- * to license@zend.com so we can send you a copy immediately.
- *
- * @category   Zend
- * @package    Zend_Loader
- * @subpackage Autoloader
- * @copyright  Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
- * @version    $Id$
- * @license    http://framework.zend.com/license/new-bsd     New BSD License
- */
-
-/**
- * Autoloader interface
- *
- * @package    Zend_Loader
- * @subpackage Autoloader
- * @copyright  Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
- * @license    http://framework.zend.com/license/new-bsd     New BSD License
- */
-interface Zend_Loader_Autoloader_Interface
-{
-    /**
-     * Autoload a class
-     *
-     * @abstract
-     * @param   string $class
-     * @return  mixed
-     *          False [if unable to load $class]
-     *          get_class($class) [if $class is successfully loaded]
-     */
-    public function autoload($class);
-}
diff --git a/fproject/Zend/Session/Exception.php b/fproject/Zend/Session/Exception.php
deleted file mode 100644
index 69ec396..0000000
--- a/fproject/Zend/Session/Exception.php
+++ /dev/null
@@ -1,74 +0,0 @@
-<?php
-/**
- * Zend Framework
- *
- * LICENSE
- *
- * This source file is subject to the new BSD license that is bundled
- * with this package in the file LICENSE.txt.
- * It is also available through the world-wide-web at this URL:
- * http://framework.zend.com/license/new-bsd
- * If you did not receive a copy of the license and are unable to
- * obtain it through the world-wide-web, please send an email
- * to license@zend.com so we can send you a copy immediately.
- *
- * @category   Zend
- * @package    Zend_Session
- * @copyright  Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
- * @license    http://framework.zend.com/license/new-bsd     New BSD License
- * @version    $Id$
- * @since      Preview Release 0.2
- */
-
-
-/**
- * @see Zend_Exception
- */
-require_once 'Zend/Exception.php';
-
-
-/**
- * Zend_Session_Exception
- *
- * @category   Zend
- * @package    Zend_Session
- * @copyright  Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
- * @license    http://framework.zend.com/license/new-bsd     New BSD License
- */
-class Zend_Session_Exception extends Zend_Exception
-{
-    /**
-     * sessionStartError
-     *
-     * @see http://framework.zend.com/issues/browse/ZF-1325
-     * @var string PHP Error Message
-     */
-    static public $sessionStartError = null;
-
-    /**
-     * handleSessionStartError() - interface for set_error_handler()
-     *
-     * @see    http://framework.zend.com/issues/browse/ZF-1325
-     * @param  int    $errno
-     * @param  string $errstr
-     * @return void
-     */
-    static public function handleSessionStartError($errno, $errstr, $errfile, $errline, $errcontext)
-    {
-        self::$sessionStartError = $errfile . '(Line:' . $errline . '): Error #' . $errno . ' ' . $errstr;
-    }
-
-    /**
-     * handleSilentWriteClose() - interface for set_error_handler()
-     *
-     * @see    http://framework.zend.com/issues/browse/ZF-1325
-     * @param  int    $errno
-     * @param  string $errstr
-     * @return void
-     */
-    static public function handleSilentWriteClose($errno, $errstr, $errfile, $errline, $errcontext)
-    {
-        self::$sessionStartError .= PHP_EOL . $errfile . '(Line:' . $errline . '): Error #' . $errno . ' ' . $errstr;
-    }
-}
-
diff --git a/fproject/Zend/Session/SaveHandler/Interface.php b/fproject/Zend/Session/SaveHandler/Interface.php
deleted file mode 100644
index 5c04f44..0000000
--- a/fproject/Zend/Session/SaveHandler/Interface.php
+++ /dev/null
@@ -1,81 +0,0 @@
-<?php
-/**
- * Zend Framework
- *
- * LICENSE
- *
- * This source file is subject to the new BSD license that is bundled
- * with this package in the file LICENSE.txt.
- * It is also available through the world-wide-web at this URL:
- * http://framework.zend.com/license/new-bsd
- * If you did not receive a copy of the license and are unable to
- * obtain it through the world-wide-web, please send an email
- * to license@zend.com so we can send you a copy immediately.
- *
- * @category   Zend
- * @package    Zend_Session
- * @copyright  Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
- * @license    http://framework.zend.com/license/new-bsd     New BSD License
- * @version    $Id$
- * @since      Preview Release 0.2
- */
-
-/**
- * Zend_Session_SaveHandler_Interface
- *
- * @category   Zend
- * @package    Zend_Session
- * @subpackage SaveHandler
- * @copyright  Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
- * @license    http://framework.zend.com/license/new-bsd     New BSD License
- * @see        http://php.net/session_set_save_handler
- */
-interface Zend_Session_SaveHandler_Interface
-{
-
-    /**
-     * Open Session - retrieve resources
-     *
-     * @param string $save_path
-     * @param string $name
-     */
-    public function open($save_path, $name);
-
-    /**
-     * Close Session - free resources
-     *
-     */
-    public function close();
-
-    /**
-     * Read session data
-     *
-     * @param string $id
-     */
-    public function read($id);
-
-    /**
-     * Write Session - commit data to resource
-     *
-     * @param string $id
-     * @param mixed $data
-     */
-    public function write($id, $data);
-
-    /**
-     * Destroy Session - remove data from resource for
-     * given session id
-     *
-     * @param string $id
-     */
-    public function destroy($id);
-
-    /**
-     * Garbage Collection - remove old session data older
-     * than $maxlifetime (in seconds)
-     *
-     * @param int $maxlifetime
-     */
-    public function gc($maxlifetime);
-
-}
diff --git a/fproject/Zend/Session/Validator/Interface.php b/fproject/Zend/Session/Validator/Interface.php
deleted file mode 100644
index eb75247..0000000
--- a/fproject/Zend/Session/Validator/Interface.php
+++ /dev/null
@@ -1,52 +0,0 @@
-<?php
-/**
- * Zend Framework
- *
- * LICENSE
- *
- * This source file is subject to the new BSD license that is bundled
- * with this package in the file LICENSE.txt.
- * It is also available through the world-wide-web at this URL:
- * http://framework.zend.com/license/new-bsd
- * If you did not receive a copy of the license and are unable to
- * obtain it through the world-wide-web, please send an email
- * to license@zend.com so we can send you a copy immediately.
- *
- * @category   Zend
- * @package    Zend_Session
- * @copyright  Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
- * @license    http://framework.zend.com/license/new-bsd     New BSD License
- * @version    $Id$
- * @since      Preview Release 0.2
- */
-
-/**
- * Zend_Session_Validator_Interface
- *
- * @category   Zend
- * @package    Zend_Session
- * @subpackage Validator
- * @copyright  Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
- * @license    http://framework.zend.com/license/new-bsd     New BSD License
- */
-interface Zend_Session_Validator_Interface
-{
-
-    /**
-     * Setup() - this method will store the environment variables
-     * necessary to be able to validate against in future requests.
-     *
-     * @return void
-     */
-    public function setup();
-
-    /**
-     * Validate() - this method will be called at the beginning of
-     * every session to determine if the current environment matches
-     * that which was store in the setup() procedure.
-     *
-     * @return boolean
-     */
-    public function validate();
-
-}
diff --git a/fproject/amf/session/Session.php b/fproject/amf/session/Session.php
new file mode 100644
index 0000000..be42f5e
--- /dev/null
+++ b/fproject/amf/session/Session.php
@@ -0,0 +1,850 @@
+<?php
+///////////////////////////////////////////////////////////////////////////////
+//
+// © Copyright f-project.net 2010-present.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+namespace fproject\amf\session;
+
+class Session extends SessionAbstract
+{
+    /**
+     * Whether or not Zend_Session is being used with unit tests
+     *
+     * @internal
+     * @var bool
+     */
+    public static $_unitTestEnabled = false;
+
+    /**
+     * $_throwStartupException
+     *
+     * @var mixed This could also be a combination of error codes to catch
+     */
+    protected static $_throwStartupExceptions = true;
+
+    /**
+     * Check whether or not the session was started
+     *
+     * @var bool
+     */
+    private static $_sessionStarted = false;
+
+    /**
+     * Whether or not the session id has been regenerated this request.
+     *
+     * Id regeneration state
+     * <0 - regenerate requested when session is started
+     * 0  - do nothing
+     * >0 - already called session_regenerate_id()
+     *
+     * @var int
+     */
+    private static $_regenerateIdState = 0;
+
+    /**
+     * Private list of php's ini values for ext/session
+     * null values will default to the php.ini value, otherwise
+     * the value below will overwrite the default ini value, unless
+     * the user has set an option explicity with setOptions()
+     *
+     * @var array
+     */
+    private static $_defaultOptions = array(
+        'save_path'                 => null,
+        'name'                      => null, /* this should be set to a unique value for each application */
+        'save_handler'              => null,
+        //'auto_start'                => null, /* intentionally excluded (see manual) */
+        'gc_probability'            => null,
+        'gc_divisor'                => null,
+        'gc_maxlifetime'            => null,
+        'serialize_handler'         => null,
+        'cookie_lifetime'           => null,
+        'cookie_path'               => null,
+        'cookie_domain'             => null,
+        'cookie_secure'             => null,
+        'cookie_httponly'           => null,
+        'use_cookies'               => null,
+        'use_only_cookies'          => 'on',
+        'referer_check'             => null,
+        'entropy_file'              => null,
+        'entropy_length'            => null,
+        'cache_limiter'             => null,
+        'cache_expire'              => null,
+        'use_trans_sid'             => null,
+        'bug_compat_42'             => null,
+        'bug_compat_warn'           => null,
+        'hash_function'             => null,
+        'hash_bits_per_character'   => null
+    );
+
+    /**
+     * List of options pertaining to Zend_Session that can be set by developers
+     * using Zend_Session::setOptions(). This list intentionally duplicates
+     * the individual declaration of static "class" variables by the same names.
+     *
+     * @var array
+     */
+    private static $_localOptions = array(
+        'strict'                => '_strict',
+        'remember_me_seconds'   => '_rememberMeSeconds',
+        'throw_startup_exceptions' => '_throwStartupExceptions'
+    );
+
+    /**
+     * Whether or not write close has been performed.
+     *
+     * @var bool
+     */
+    private static $_writeClosed = false;
+
+    /**
+     * Whether or not session id cookie has been deleted
+     *
+     * @var bool
+     */
+    private static $_sessionCookieDeleted = false;
+
+    /**
+     * Whether or not session has been destroyed via session_destroy()
+     *
+     * @var bool
+     */
+    private static $_destroyed = false;
+
+    /**
+     * Whether or not session must be initiated before usage
+     *
+     * @var bool
+     */
+    private static $_strict = false;
+
+    /**
+     * Default number of seconds the session will be remembered for when asked to be remembered
+     *
+     * @var int
+     */
+    private static $_rememberMeSeconds = 1209600; // 2 weeks
+
+    /**
+     * Whether the default options listed in Zend_Session::$_localOptions have been set
+     *
+     * @var bool
+     */
+    private static $_defaultOptionsSet = false;
+
+    /**
+     * A reference to the set session save handler
+     *
+     * @var SessionSaveHandlerInterface
+     */
+    private static $_saveHandler = null;
+
+
+    /**
+     * Constructor overriding - make sure that a developer cannot instantiate
+     */
+    protected function __construct()
+    {
+    }
+
+
+    /**
+     * setOptions - set both the class specified
+     *
+     * @param  array $userOptions - pass-by-keyword style array of <option name, option value> pairs
+     * @throws SessionException
+     * @return void
+     */
+    public static function setOptions(array $userOptions = array())
+    {
+        // set default options on first run only (before applying user settings)
+        if (!self::$_defaultOptionsSet) {
+            foreach (self::$_defaultOptions as $defaultOptionName => $defaultOptionValue) {
+                if (isset(self::$_defaultOptions[$defaultOptionName])) {
+                    ini_set("session.$defaultOptionName", $defaultOptionValue);
+                }
+            }
+
+            self::$_defaultOptionsSet = true;
+        }
+
+        // set the options the user has requested to set
+        foreach ($userOptions as $userOptionName => $userOptionValue) {
+
+            $userOptionName = strtolower($userOptionName);
+
+            // set the ini based values
+            if (array_key_exists($userOptionName, self::$_defaultOptions)) {
+                ini_set("session.$userOptionName", $userOptionValue);
+            }
+            elseif (isset(self::$_localOptions[$userOptionName])) {
+                self::${self::$_localOptions[$userOptionName]} = $userOptionValue;
+            }
+            else {
+                throw new SessionException("Unknown option: $userOptionName = $userOptionValue");
+            }
+        }
+    }
+
+    /**
+     * getOptions()
+     *
+     * @param string $optionName OPTIONAL
+     * @return array|string
+     */
+    public static function getOptions($optionName = null)
+    {
+        $options = [];
+        foreach (ini_get_all('session') as $sysOptionName => $sysOptionValues) {
+            $options[substr($sysOptionName, 8)] = $sysOptionValues['local_value'];
+        }
+        foreach (self::$_localOptions as $localOptionName => $localOptionMemberName) {
+            $options[$localOptionName] = self::${$localOptionMemberName};
+        }
+
+        if ($optionName) {
+            if (array_key_exists($optionName, $options)) {
+                return $options[$optionName];
+            }
+            return null;
+        }
+
+        return $options;
+    }
+
+    /**
+     * setSaveHandler() - Session Save Handler assignment
+     *
+     * @param SessionSaveHandlerInterface $saveHandler
+     * @throws SessionException When the session_set_save_handler call fails
+     */
+    public static function setSaveHandler($saveHandler)
+    {
+        self::$_saveHandler = $saveHandler;
+
+        if (self::$_unitTestEnabled) {
+            return;
+        }
+
+        $result = session_set_save_handler(
+            array(&$saveHandler, 'open'),
+            array(&$saveHandler, 'close'),
+            array(&$saveHandler, 'read'),
+            array(&$saveHandler, 'write'),
+            array(&$saveHandler, 'destroy'),
+            array(&$saveHandler, 'gc')
+            );
+
+        if (!$result) {
+            throw new SessionException('Unable to set session handler');
+        }
+    }
+
+
+    /**
+     * getSaveHandler() - Get the session Save Handler
+     *
+     * @return SessionSaveHandlerInterface
+     */
+    public static function getSaveHandler()
+    {
+        return self::$_saveHandler;
+    }
+
+
+    /**
+     * regenerateId() - Regenerate the session id.  Best practice is to call this after
+     * session is started.  If called prior to session starting, session id will be regenerated
+     * at start time.
+     *
+     * @throws SessionException
+     * @return void
+     */
+    public static function regenerateId()
+    {
+        if (!self::$_unitTestEnabled && headers_sent($filename, $linenum)) {
+            throw new SessionException("You must call " . __CLASS__ . '::' . __FUNCTION__ .
+                "() before any output has been sent to the browser; output started in {$filename}/{$linenum}");
+        }
+
+        if ( !self::$_sessionStarted ) {
+            self::$_regenerateIdState = -1;
+        } else {
+            if (!self::$_unitTestEnabled) {
+                session_regenerate_id(true);
+            }
+            self::$_regenerateIdState = 1;
+        }
+    }
+
+
+    /**
+     * rememberMe() - Write a persistent cookie that expires after a number of seconds in the future. If no number of
+     * seconds is specified, then this defaults to self::$_rememberMeSeconds.  Due to clock errors on end users' systems,
+     * large values are recommended to avoid undesirable expiration of session cookies.
+     *
+     * @param int $seconds OPTIONAL specifies TTL for cookie in seconds from present time
+     * @return void
+     */
+    public static function rememberMe($seconds = null)
+    {
+        $seconds = (int) $seconds;
+        $seconds = ($seconds > 0) ? $seconds : self::$_rememberMeSeconds;
+
+        self::rememberUntil($seconds);
+    }
+
+
+    /**
+     * forgetMe() - Write a volatile session cookie, removing any persistent cookie that may have existed. The session
+     * would end upon, for example, termination of a web browser program.
+     *
+     * @return void
+     */
+    public static function forgetMe()
+    {
+        self::rememberUntil(0);
+    }
+
+
+    /**
+     * rememberUntil() - This method does the work of changing the state of the session cookie and making
+     * sure that it gets resent to the browser via regenerateId()
+     *
+     * @param int $seconds
+     * @return void
+     */
+    public static function rememberUntil($seconds = 0)
+    {
+        if (self::$_unitTestEnabled) {
+            self::regenerateId();
+            return;
+        }
+
+        $cookieParams = session_get_cookie_params();
+
+        session_set_cookie_params(
+            $seconds,
+            $cookieParams['path'],
+            $cookieParams['domain'],
+            $cookieParams['secure']
+            );
+
+        // normally "rememberMe()" represents a security context change, so should use new session id
+        self::regenerateId();
+    }
+
+
+    /**
+     * sessionExists() - whether or not a session exists for the current request
+     *
+     * @return bool
+     */
+    public static function sessionExists()
+    {
+        if ((bool)ini_get('session.use_cookies') == true && isset($_COOKIE[session_name()])) {
+            return true;
+        } elseif ((bool)ini_get('session.use_only_cookies') == false && isset($_REQUEST[session_name()])) {
+            return true;
+        } elseif (self::$_unitTestEnabled) {
+            return true;
+        }
+
+        return false;
+    }
+
+
+    /**
+     * Whether or not session has been destroyed via session_destroy()
+     *
+     * @return bool
+     */
+    public static function isDestroyed()
+    {
+        return self::$_destroyed;
+    }
+
+
+    /**
+     * start() - Start the session.
+     *
+     * @param bool|array $options  OPTIONAL Either user supplied options, or flag indicating if start initiated automatically
+     * @throws SessionException
+     * @return void
+     */
+    public static function start($options = false)
+    {
+        // Check to see if we've been passed an invalid session ID
+        if ( self::getId() && !self::_checkId(self::getId()) ) {
+            // Generate a valid, temporary replacement
+            self::setId(md5(self::getId()));
+            // Force a regenerate after session is started
+            self::$_regenerateIdState = -1;
+        }
+
+        if (self::$_sessionStarted && self::$_destroyed) {
+            throw new SessionException('The session was explicitly destroyed during this request, attempting to re-start is not allowed.');
+        }
+
+        if (self::$_sessionStarted) {
+            return; // already started
+        }
+
+        // make sure our default options (at the least) have been set
+        if (!self::$_defaultOptionsSet) {
+            self::setOptions(is_array($options) ? $options : array());
+        }
+
+        // In strict mode, do not allow auto-starting Zend_Session, such as via "new SessionNamespace()"
+        if (self::$_strict && $options === true) {
+            throw new SessionException('You must explicitly start the session with Zend_Session::start() when session options are set to strict.');
+        }
+
+        $filename = $linenum = null;
+        if (!self::$_unitTestEnabled && headers_sent($filename, $linenum)) {
+            throw new SessionException("Session must be started before any output has been sent to the browser;"
+               . " output started in {$filename}/{$linenum}");
+        }
+
+        // See http://www.php.net/manual/en/ref.session.php for explanation
+        if (!self::$_unitTestEnabled && defined('SID')) {
+            throw new SessionException('session has already been started by session.auto-start or session_start()');
+        }
+
+        /**
+         * Hack to throw exceptions on start instead of php errors
+         * @see http://framework.zend.com/issues/browse/ZF-1325
+         */
+
+        $errorLevel = (is_int(self::$_throwStartupExceptions)) ? self::$_throwStartupExceptions : E_ALL;
+
+        /** @see SessionException */
+        if (!self::$_unitTestEnabled) {
+
+            if (self::$_throwStartupExceptions) {
+                set_error_handler(array('SessionException', 'handleSessionStartError'), $errorLevel);
+            }
+
+            $startedCleanly = session_start();
+
+            if (self::$_throwStartupExceptions) {
+                restore_error_handler();
+            }
+
+            if (!$startedCleanly || SessionException::$sessionStartError != null) {
+                if (self::$_throwStartupExceptions) {
+                    set_error_handler(array('SessionException', 'handleSilentWriteClose'), $errorLevel);
+                }
+                session_write_close();
+                if (self::$_throwStartupExceptions) {
+                    restore_error_handler();
+                    throw new SessionException(__CLASS__ . '::' . __FUNCTION__ . '() - ' . SessionException::$sessionStartError);
+                }
+            }
+        }
+
+        parent::$_readable = true;
+        parent::$_writable = true;
+        self::$_sessionStarted = true;
+        if (self::$_regenerateIdState === -1) {
+            self::regenerateId();
+        }
+
+        // run validators if they exist
+        if (isset($_SESSION['__ZF']['VALID'])) {
+            self::_processValidators();
+        }
+
+        self::_processStartupMetadataGlobal();
+    }
+
+    /**
+     * Perform a hash-bits check on the session ID
+     *
+     * @param string $id Session ID
+     * @return bool
+     */
+    protected static function _checkId($id)
+    {
+        $saveHandler = ini_get('session.save_handler');
+        if ($saveHandler == 'cluster') { // Zend Server SC, validate only after last dash
+            $dashPos = strrpos($id, '-');
+            if ($dashPos) {
+                $id = substr($id, $dashPos + 1);
+            }
+        }
+
+        $hashBitsPerChar = ini_get('session.hash_bits_per_character');
+        if (!$hashBitsPerChar) {
+            $hashBitsPerChar = 5; // the default value
+        }
+        switch($hashBitsPerChar) {
+            case 4: $pattern = '^[0-9a-f]*$'; break;
+            case 5: $pattern = '^[0-9a-v]*$'; break;
+            case 6: $pattern = '^[0-9a-zA-Z-,]*$'; break;
+        }
+        /** @var $pattern */
+        return preg_match('#'.$pattern.'#', $id);
+    }
+
+
+    /**
+     * _processGlobalMetadata() - this method initizes the sessions GLOBAL
+     * metadata, mostly global data expiration calculations.
+     *
+     * @return void
+     */
+    private static function _processStartupMetadataGlobal()
+    {
+        // process global metadata
+        if (isset($_SESSION['__ZF'])) {
+
+            // expire globally expired values
+            foreach ($_SESSION['__ZF'] as $namespace => $namespace_metadata) {
+
+                // Expire Namespace by Time (ENT)
+                if (isset($namespace_metadata['ENT']) && ($namespace_metadata['ENT'] > 0) && (time() > $namespace_metadata['ENT']) ) {
+                    unset($_SESSION[$namespace]);
+                    unset($_SESSION['__ZF'][$namespace]);
+                }
+
+                // Expire Namespace by Global Hop (ENGH) if it wasnt expired above
+                if (isset($_SESSION['__ZF'][$namespace]) && isset($namespace_metadata['ENGH']) && $namespace_metadata['ENGH'] >= 1) {
+
+                    $_SESSION['__ZF'][$namespace]['ENGH']--;
+
+                    if ($_SESSION['__ZF'][$namespace]['ENGH'] === 0) {
+                        if (isset($_SESSION[$namespace])) {
+                            parent::$_expiringData[$namespace] = $_SESSION[$namespace];
+                            unset($_SESSION[$namespace]);
+                        }
+                        unset($_SESSION['__ZF'][$namespace]);
+                    }
+                }
+
+                // Expire Namespace Variables by Time (ENVT)
+                if (isset($namespace_metadata['ENVT'])) {
+                    foreach ($namespace_metadata['ENVT'] as $variable => $time) {
+                        if (time() > $time) {
+                            unset($_SESSION[$namespace][$variable]);
+                            unset($_SESSION['__ZF'][$namespace]['ENVT'][$variable]);
+                        }
+                    }
+                    if (empty($_SESSION['__ZF'][$namespace]['ENVT'])) {
+                        unset($_SESSION['__ZF'][$namespace]['ENVT']);
+                    }
+                }
+
+                // Expire Namespace Variables by Global Hop (ENVGH)
+                if (isset($namespace_metadata['ENVGH'])) {
+                    foreach ($namespace_metadata['ENVGH'] as $variable => $hops) {
+                        $_SESSION['__ZF'][$namespace]['ENVGH'][$variable]--;
+
+                        if ($_SESSION['__ZF'][$namespace]['ENVGH'][$variable] === 0) {
+                            if (isset($_SESSION[$namespace][$variable])) {
+                                parent::$_expiringData[$namespace][$variable] = $_SESSION[$namespace][$variable];
+                                unset($_SESSION[$namespace][$variable]);
+                            }
+                            unset($_SESSION['__ZF'][$namespace]['ENVGH'][$variable]);
+                        }
+                    }
+                    if (empty($_SESSION['__ZF'][$namespace]['ENVGH'])) {
+                        unset($_SESSION['__ZF'][$namespace]['ENVGH']);
+                    }
+                }
+                
+                if (isset($namespace) && empty($_SESSION['__ZF'][$namespace])) {
+                    unset($_SESSION['__ZF'][$namespace]);
+                }
+            }
+        }
+
+        if (isset($_SESSION['__ZF']) && empty($_SESSION['__ZF'])) {
+            unset($_SESSION['__ZF']);
+        }
+    }
+
+
+    /**
+     * isStarted() - convenience method to determine if the session is already started.
+     *
+     * @return bool
+     */
+    public static function isStarted()
+    {
+        return self::$_sessionStarted;
+    }
+
+
+    /**
+     * isRegenerated() - convenience method to determine if session_regenerate_id()
+     * has been called during this request by Zend_Session.
+     *
+     * @return bool
+     */
+    public static function isRegenerated()
+    {
+        return ( (self::$_regenerateIdState > 0) ? true : false );
+    }
+
+
+    /**
+     * getId() - get the current session id
+     *
+     * @return string
+     */
+    public static function getId()
+    {
+        return session_id();
+    }
+
+
+    /**
+     * setId() - set an id to a user specified id
+     *
+     * @throws SessionException
+     * @param string $id
+     * @return void
+     */
+    public static function setId($id)
+    {
+        if (!self::$_unitTestEnabled && defined('SID')) {
+            throw new SessionException('The session has already been started.  The session id must be set first.');
+        }
+
+        if (!self::$_unitTestEnabled && headers_sent($filename, $linenum)) {
+            throw new SessionException("You must call ".__CLASS__.'::'.__FUNCTION__.
+                "() before any output has been sent to the browser; output started in {$filename}/{$linenum}");
+        }
+
+        if (!is_string($id) || $id === '') {
+            throw new SessionException('You must provide a non-empty string as a session identifier.');
+        }
+
+        session_id($id);
+    }
+
+
+    /**
+     * registerValidator() - register a validator that will attempt to validate this session for
+     * every future request
+     *
+     * @param SessionValidatorInterface $validator
+     * @return void
+     */
+    public static function registerValidator(SessionValidatorInterface $validator)
+    {
+        $validator->setup();
+    }
+
+
+    /**
+     * stop() - Disable write access.  Optionally disable read (not implemented).
+     *
+     * @return void
+     */
+    public static function stop()
+    {
+        parent::$_writable = false;
+    }
+
+
+    /**
+     * writeClose() - Shutdown the sesssion, close writing and detach $_SESSION from the back-end storage mechanism.
+     * This will complete the internal data transformation on this request.
+     *
+     * @param bool $readonly - OPTIONAL remove write access (i.e. throw error if Zend_Session's attempt writes)
+     * @return void
+     */
+    public static function writeClose($readonly = true)
+    {
+        if (self::$_unitTestEnabled) {
+            return;
+        }
+
+        if (self::$_writeClosed) {
+            return;
+        }
+
+        if ($readonly) {
+            parent::$_writable = false;
+        }
+
+        session_write_close();
+        self::$_writeClosed = true;
+    }
+
+
+    /**
+     * destroy() - This is used to destroy session data, and optionally, the session cookie itself
+     *
+     * @param bool $remove_cookie - OPTIONAL remove session id cookie, defaults to true (remove cookie)
+     * @param bool $readonly - OPTIONAL remove write access (i.e. throw error if Zend_Session's attempt writes)
+     * @return void
+     */
+    public static function destroy($remove_cookie = true, $readonly = true)
+    {
+        if (self::$_unitTestEnabled) {
+            return;
+        }
+
+        if (self::$_destroyed) {
+            return;
+        }
+
+        if ($readonly) {
+            parent::$_writable = false;
+        }
+
+        session_destroy();
+        self::$_destroyed = true;
+
+        if ($remove_cookie) {
+            self::expireSessionCookie();
+        }
+    }
+
+
+    /**
+     * expireSessionCookie() - Sends an expired session id cookie, causing the client to delete the session cookie
+     *
+     * @return void
+     */
+    public static function expireSessionCookie()
+    {
+        if (self::$_unitTestEnabled) {
+            return;
+        }
+
+        if (self::$_sessionCookieDeleted) {
+            return;
+        }
+
+        self::$_sessionCookieDeleted = true;
+
+        if (isset($_COOKIE[session_name()])) {
+            $cookie_params = session_get_cookie_params();
+
+            setcookie(
+                session_name(),
+                false,
+                315554400, // strtotime('1980-01-01'),
+                $cookie_params['path'],
+                $cookie_params['domain'],
+                $cookie_params['secure']
+                );
+        }
+    }
+
+
+    /**
+     * _processValidator() - internal function that is called in the existence of VALID metadata
+     *
+     * @throws SessionException
+     * @return void
+     */
+    private static function _processValidators()
+    {
+        foreach ($_SESSION['__ZF']['VALID'] as $validator_name => $valid_data) {
+            if (!class_exists($validator_name)) {
+                require_once 'Zend/Loader.php';
+                \Zend_Loader::loadClass($validator_name);
+            }
+            /** @var SessionValidatorInterface $validator */
+            $validator = new $validator_name;
+            if ($validator->validate() === false) {
+                throw new SessionException("This session is not valid according to {$validator_name}.");
+            }
+        }
+    }
+
+
+    /**
+     * namespaceIsset() - check to see if a namespace is set
+     *
+     * @param string $namespace
+     * @return bool
+     */
+    public static function namespaceIsset($namespace)
+    {
+        return parent::_namespaceIsset($namespace);
+    }
+
+
+    /**
+     * namespaceUnset() - unset a namespace or a variable within a namespace
+     *
+     * @param string $namespace
+     * @throws SessionException
+     * @return void
+     */
+    public static function namespaceUnset($namespace)
+    {
+        parent::_namespaceUnset($namespace);
+        SessionNamespace::resetSingleInstance($namespace);
+    }
+
+
+    /**
+     * getIterator() - return an iteratable object for use in foreach and the like,
+     * this completes the IteratorAggregate interface
+     *
+     * @throws SessionException
+     * @return \ArrayObject
+     */
+    public static function getIterator()
+    {
+        if (parent::$_readable === false) {
+            throw new SessionException(parent::_THROW_NOT_READABLE_MSG);
+        }
+
+        $spaces  = [];
+        if (isset($_SESSION)) {
+            $spaces = array_keys($_SESSION);
+            foreach($spaces as $key => $space) {
+                if (!strncmp($space, '__', 2) || !is_array($_SESSION[$space])) {
+                    unset($spaces[$key]);
+                }
+            }
+        }
+
+        return new \ArrayObject(array_merge($spaces, array_keys(parent::$_expiringData)));
+    }
+
+
+    /**
+     * isWritable() - returns a boolean indicating if namespaces can write (use setters)
+     *
+     * @return bool
+     */
+    public static function isWritable()
+    {
+        return parent::$_writable;
+    }
+
+
+    /**
+     * isReadable() - returns a boolean indicating if namespaces can write (use setters)
+     *
+     * @return bool
+     */
+    public static function isReadable()
+    {
+        return parent::$_readable;
+    }
+
+}
diff --git a/fproject/Zend/Session/Abstract.php b/fproject/amf/session/SessionAbstract.php
similarity index 71%
rename from fproject/Zend/Session/Abstract.php
rename to fproject/amf/session/SessionAbstract.php
index ab31de7..99baaff 100644
--- a/fproject/Zend/Session/Abstract.php
+++ b/fproject/amf/session/SessionAbstract.php
@@ -1,36 +1,25 @@
 <?php
-
-/**
- * Zend Framework
- *
- * LICENSE
- *
- * This source file is subject to the new BSD license that is bundled
- * with this package in the file LICENSE.txt.
- * It is also available through the world-wide-web at this URL:
- * http://framework.zend.com/license/new-bsd
- * If you did not receive a copy of the license and are unable to
- * obtain it through the world-wide-web, please send an email
- * to license@zend.com so we can send you a copy immediately.
- *
- * @category   Zend
- * @package    Zend_Session
- * @copyright  Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
- * @license    http://framework.zend.com/license/new-bsd     New BSD License
- * @version    $Id$
- * @since      Preview Release 0.2
- */
-
-
-/**
- * Zend_Session_Abstract
- *
- * @category   Zend
- * @package    Zend_Session
- * @copyright  Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
- * @license    http://framework.zend.com/license/new-bsd     New BSD License
- */
-abstract class Zend_Session_Abstract
+///////////////////////////////////////////////////////////////////////////////
+//
+// © Copyright f-project.net 2010-present.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+namespace fproject\amf\session;
+
+abstract class SessionAbstract
 {
     /**
      * Whether or not session permits writing (modification of $_SESSION[])
@@ -75,15 +64,12 @@ abstract class Zend_Session_Abstract
      * @param  string $namespace
      * @param  string $name
      * @return bool
+     * @throws SessionException
      */
     protected static function _namespaceIsset($namespace, $name = null)
     {
         if (self::$_readable === false) {
-            /**
-             * @see Zend_Session_Exception
-             */
-            require_once 'Zend/Session/Exception.php';
-            throw new Zend_Session_Exception(self::_THROW_NOT_READABLE_MSG);
+            throw new SessionException(self::_THROW_NOT_READABLE_MSG);
         }
 
         if ($name === null) {
@@ -99,17 +85,12 @@ protected static function _namespaceIsset($namespace, $name = null)
      *
      * @param  string $namespace
      * @param  string $name
-     * @throws Zend_Session_Exception
-     * @return void
+     * @throws SessionException
      */
     protected static function _namespaceUnset($namespace, $name = null)
     {
         if (self::$_writable === false) {
-            /**
-             * @see Zend_Session_Exception
-             */
-            require_once 'Zend/Session/Exception.php';
-            throw new Zend_Session_Exception(self::_THROW_NOT_WRITABLE_MSG);
+            throw new SessionException(self::_THROW_NOT_WRITABLE_MSG);
         }
 
         $name = (string) $name;
@@ -136,15 +117,12 @@ protected static function _namespaceUnset($namespace, $name = null)
      * @param  string $namespace
      * @param  string $name
      * @return mixed
+     * @throws SessionException
      */
     protected static function & _namespaceGet($namespace, $name = null)
     {
         if (self::$_readable === false) {
-            /**
-             * @see Zend_Session_Exception
-             */
-            require_once 'Zend/Session/Exception.php';
-            throw new Zend_Session_Exception(self::_THROW_NOT_READABLE_MSG);
+            throw new SessionException(self::_THROW_NOT_READABLE_MSG);
         }
 
         if ($name === null) {
@@ -171,7 +149,6 @@ protected static function & _namespaceGet($namespace, $name = null)
      * namespaceGetAll() - Get an array containing $namespace, including expiring data.
      *
      * @param string $namespace
-     * @param string $name
      * @return mixed
      */
     protected static function _namespaceGetAll($namespace)
diff --git a/fproject/amf/session/SessionException.php b/fproject/amf/session/SessionException.php
new file mode 100644
index 0000000..361f4ed
--- /dev/null
+++ b/fproject/amf/session/SessionException.php
@@ -0,0 +1,65 @@
+<?php
+///////////////////////////////////////////////////////////////////////////////
+//
+// © Copyright f-project.net 2010-present.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+namespace fproject\amf\session;
+
+
+use fproject\amf\AmfException;
+
+class SessionException extends AmfException
+{
+    /**
+     * sessionStartError
+     *
+     * @see http://framework.zend.com/issues/browse/ZF-1325
+     * @var string PHP Error Message
+     */
+    static public $sessionStartError = null;
+
+    /**
+     * handleSessionStartError() - interface for set_error_handler()
+     *
+     * @see    http://framework.zend.com/issues/browse/ZF-1325
+     * @param $errNo
+     * @param $errStr
+     * @param $errFile
+     * @param $errLine
+     * @param $errContext
+     */
+    static public function handleSessionStartError($errNo, $errStr, $errFile, $errLine, $errContext)
+    {
+        self::$sessionStartError = $errFile . '(Line:' . $errLine . '): Error #' . $errNo . ' ' . $errStr;
+    }
+
+    /**
+     * handleSilentWriteClose() - interface for set_error_handler()
+     *
+     * @see    http://framework.zend.com/issues/browse/ZF-1325
+     * @param  int $errNo
+     * @param $errStr
+     * @param $errFile
+     * @param $errLine
+     * @param $errContext
+     */
+    static public function handleSilentWriteClose($errNo, $errStr, $errFile, $errLine, $errContext)
+    {
+        self::$sessionStartError .= PHP_EOL . $errFile . '(Line:' . $errLine . '): Error #' . $errNo . ' ' . $errStr;
+    }
+}
+
diff --git a/fproject/Zend/Session/Namespace.php b/fproject/amf/session/SessionNamespace.php
similarity index 66%
rename from fproject/Zend/Session/Namespace.php
rename to fproject/amf/session/SessionNamespace.php
index 321a9e6..a27248e 100644
--- a/fproject/Zend/Session/Namespace.php
+++ b/fproject/amf/session/SessionNamespace.php
@@ -1,47 +1,25 @@
 <?php
-/**
- * Zend Framework
- *
- * LICENSE
- *
- * This source file is subject to the new BSD license that is bundled
- * with this package in the file LICENSE.txt.
- * It is also available through the world-wide-web at this URL:
- * http://framework.zend.com/license/new-bsd
- * If you did not receive a copy of the license and are unable to
- * obtain it through the world-wide-web, please send an email
- * to license@zend.com so we can send you a copy immediately.
- *
- * @category   Zend
- * @package    Zend_Session
- * @copyright  Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
- * @license    http://framework.zend.com/license/new-bsd     New BSD License
- * @version    $Id$
- * @since      Preview Release 0.2
- */
-
-
-/**
- * @see Zend_Session
- */
-require_once 'Zend/Session.php';
-
-
-/**
- * @see Zend_Session_Abstract
- */
-require_once 'Zend/Session/Abstract.php';
-
-
-/**
- * Zend_Session_Namespace
- *
- * @category   Zend
- * @package    Zend_Session
- * @copyright  Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
- * @license    http://framework.zend.com/license/new-bsd     New BSD License
- */
-class Zend_Session_Namespace extends Zend_Session_Abstract implements IteratorAggregate
+///////////////////////////////////////////////////////////////////////////////
+//
+// © Copyright f-project.net 2010-present.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+namespace fproject\amf\session;
+
+class SessionNamespace extends SessionAbstract implements \IteratorAggregate
 {
 
     /**
@@ -93,44 +71,28 @@ public static function resetSingleInstance($namespaceName = null)
      * __construct() - Returns an instance object bound to a particular, isolated section
      * of the session, identified by $namespace name (defaulting to 'Default').
      * The optional argument $singleInstance will prevent construction of additional
-     * instance objects acting as accessors to this $namespace.
+     * instance objects acting as accessor to this $namespace.
      *
-     * @param string $namespace       - programmatic name of the requested namespace
-     * @param bool $singleInstance    - prevent creation of additional accessor instance objects for this namespace
-     * @return void
+     * @param string $namespace - programmatic name of the requested namespace
+     * @param bool $singleInstance - prevent creation of additional accessor instance objects for this namespace
+     * @throws SessionException
      */
     public function __construct($namespace = 'Default', $singleInstance = false)
     {
         if ($namespace === '') {
-            /**
-             * @see Zend_Session_Exception
-             */
-            require_once 'Zend/Session/Exception.php';
-            throw new Zend_Session_Exception('Session namespace must be a non-empty string.');
+            throw new SessionException('Session namespace must be a non-empty string.');
         }
 
         if ($namespace[0] == "_") {
-            /**
-             * @see Zend_Session_Exception
-             */
-            require_once 'Zend/Session/Exception.php';
-            throw new Zend_Session_Exception('Session namespace must not start with an underscore.');
+            throw new SessionException('Session namespace must not start with an underscore.');
         }
 
         if (preg_match('#(^[0-9])#i', $namespace[0])) {
-            /**
-             * @see Zend_Session_Exception
-             */
-            require_once 'Zend/Session/Exception.php';
-            throw new Zend_Session_Exception('Session namespace must not start with a number.');
+            throw new SessionException('Session namespace must not start with a number.');
         }
 
         if (isset(self::$_singleInstances[$namespace])) {
-            /**
-             * @see Zend_Session_Exception
-             */
-            require_once 'Zend/Session/Exception.php';
-            throw new Zend_Session_Exception("A session namespace object already exists for this namespace ('$namespace'), and no additional accessors (session namespace objects) for this namespace are permitted.");
+            throw new SessionException("A session namespace object already exists for this namespace ('$namespace'), and no additional accessors (session namespace objects) for this namespace are permitted.");
         }
 
         if ($singleInstance === true) {
@@ -140,14 +102,10 @@ public function __construct($namespace = 'Default', $singleInstance = false)
         $this->_namespace = $namespace;
 
         // Process metadata specific only to this namespace.
-        Zend_Session::start(true); // attempt auto-start (throws exception if strict option set)
+        Session::start(true); // attempt auto-start (throws exception if strict option set)
 
         if (self::$_readable === false) {
-            /**
-             * @see Zend_Session_Exception
-             */
-            require_once 'Zend/Session/Exception.php';
-            throw new Zend_Session_Exception(self::_THROW_NOT_READABLE_MSG);
+            throw new SessionException(self::_THROW_NOT_READABLE_MSG);
         }
 
         if (!isset($_SESSION['__ZF'])) {
@@ -205,11 +163,11 @@ public function __construct($namespace = 'Default', $singleInstance = false)
      * getIterator() - return an iteratable object for use in foreach and the like,
      * this completes the IteratorAggregate interface
      *
-     * @return ArrayObject - iteratable container of the namespace contents
+     * @return \ArrayObject - iteratable container of the namespace contents
      */
     public function getIterator()
     {
-        return new ArrayObject(parent::_namespaceGetAll($this->_namespace));
+        return new \ArrayObject(parent::_namespaceGetAll($this->_namespace));
     }
 
 
@@ -264,7 +222,7 @@ public function isLocked()
      */
     public function unsetAll()
     {
-        return parent::_namespaceUnset($this->_namespace);
+        parent::_namespaceUnset($this->_namespace);
     }
 
 
@@ -273,15 +231,12 @@ public function unsetAll()
      *
      * @param string $name - programmatic name of a key, in a <key,value> pair in the current namespace
      * @return mixed
+     * @throws SessionException
      */
     public function & __get($name)
     {
         if ($name === '') {
-            /**
-             * @see Zend_Session_Exception
-             */
-            require_once 'Zend/Session/Exception.php';
-            throw new Zend_Session_Exception("The '$name' key must be a non-empty string");
+            throw new SessionException("The '$name' key must be a non-empty string");
         }
 
         return parent::_namespaceGet($this->_namespace, $name);
@@ -293,33 +248,21 @@ public function & __get($name)
      *
      * @param string $name - programmatic name of a key, in a <key,value> pair in the current namespace
      * @param mixed $value - value in the <key,value> pair to assign to the $name key
-     * @throws Zend_Session_Exception
+     * @throws SessionException
      * @return true
      */
     public function __set($name, $value)
     {
         if (isset(self::$_namespaceLocks[$this->_namespace])) {
-            /**
-             * @see Zend_Session_Exception
-             */
-            require_once 'Zend/Session/Exception.php';
-            throw new Zend_Session_Exception('This session/namespace has been marked as read-only.');
+            throw new SessionException('This session/namespace has been marked as read-only.');
         }
 
         if ($name === '') {
-            /**
-             * @see Zend_Session_Exception
-             */
-            require_once 'Zend/Session/Exception.php';
-            throw new Zend_Session_Exception("The '$name' key must be a non-empty string");
+            throw new SessionException("The '$name' key must be a non-empty string");
         }
 
         if (parent::$_writable === false) {
-            /**
-             * @see Zend_Session_Exception
-             */
-            require_once 'Zend/Session/Exception.php';
-            throw new Zend_Session_Exception(parent::_THROW_NOT_WRITABLE_MSG);
+            throw new SessionException(parent::_THROW_NOT_WRITABLE_MSG);
         }
 
         $name = (string) $name;
@@ -338,6 +281,7 @@ public function __set($name, $value)
      *   $namespace->apply('count');
      *
      * @param string|array $callback - callback function
+     * @return mixed
      */
     public function apply($callback)
     {
@@ -357,6 +301,8 @@ public function apply($callback)
      *   $namespace->applySet('array_merge', array('tree' => 'apple', 'fruit' => 'peach'), array('flower' => 'rose'));
      *
      * @param string|array $callback - callback function
+     * @return mixed
+     * @throws SessionException
      */
     public function applySet($callback)
     {
@@ -364,11 +310,7 @@ public function applySet($callback)
         $arg_list[0] = $_SESSION[$this->_namespace];
         $result = call_user_func_array($callback, $arg_list);
         if (!is_array($result)) {
-            /**
-             * @see Zend_Session_Exception
-             */
-            require_once 'Zend/Session/Exception.php';
-            throw new Zend_Session_Exception('Result must be an array. Got: ' . gettype($result));
+            throw new SessionException('Result must be an array. Got: ' . gettype($result));
         }
         $_SESSION[$this->_namespace] = $result;
         return $result;
@@ -380,15 +322,12 @@ public function applySet($callback)
      *
      * @param string $name - programmatic name of a key, in a <key,value> pair in the current namespace
      * @return bool
+     * @throws SessionException
      */
     public function __isset($name)
     {
         if ($name === '') {
-            /**
-             * @see Zend_Session_Exception
-             */
-            require_once 'Zend/Session/Exception.php';
-            throw new Zend_Session_Exception("The '$name' key must be a non-empty string");
+            throw new SessionException("The '$name' key must be a non-empty string");
         }
 
         return parent::_namespaceIsset($this->_namespace, $name);
@@ -400,18 +339,15 @@ public function __isset($name)
      *
      * @param string $name - programmatic name of a key, in a <key,value> pair in the current namespace
      * @return true
+     * @throws SessionException
      */
     public function __unset($name)
     {
         if ($name === '') {
-            /**
-             * @see Zend_Session_Exception
-             */
-            require_once 'Zend/Session/Exception.php';
-            throw new Zend_Session_Exception("The '$name' key must be a non-empty string");
+            throw new SessionException("The '$name' key must be a non-empty string");
         }
 
-        return parent::_namespaceUnset($this->_namespace, $name);
+        parent::_namespaceUnset($this->_namespace, $name);
     }
 
 
@@ -421,25 +357,17 @@ public function __unset($name)
      *
      * @param int $seconds     - expires in this many seconds
      * @param mixed $variables - OPTIONAL list of variables to expire (defaults to all)
-     * @throws Zend_Session_Exception
+     * @throws SessionException
      * @return void
      */
     public function setExpirationSeconds($seconds, $variables = null)
     {
         if (parent::$_writable === false) {
-            /**
-             * @see Zend_Session_Exception
-             */
-            require_once 'Zend/Session/Exception.php';
-            throw new Zend_Session_Exception(parent::_THROW_NOT_WRITABLE_MSG);
+            throw new SessionException(parent::_THROW_NOT_WRITABLE_MSG);
         }
 
         if ($seconds <= 0) {
-            /**
-             * @see Zend_Session_Exception
-             */
-            require_once 'Zend/Session/Exception.php';
-            throw new Zend_Session_Exception('Seconds must be positive.');
+            throw new SessionException('Seconds must be positive.');
         }
 
         if ($variables === null) {
@@ -469,25 +397,17 @@ public function setExpirationSeconds($seconds, $variables = null)
      * @param int $hops        - how many "hops" (number of subsequent requests) before expiring
      * @param mixed $variables - OPTIONAL list of variables to expire (defaults to all)
      * @param boolean $hopCountOnUsageOnly - OPTIONAL if set, only count a hop/request if this namespace is used
-     * @throws Zend_Session_Exception
+     * @throws SessionException
      * @return void
      */
     public function setExpirationHops($hops, $variables = null, $hopCountOnUsageOnly = false)
     {
         if (parent::$_writable === false) {
-            /**
-             * @see Zend_Session_Exception
-             */
-            require_once 'Zend/Session/Exception.php';
-            throw new Zend_Session_Exception(parent::_THROW_NOT_WRITABLE_MSG);
+            throw new SessionException(parent::_THROW_NOT_WRITABLE_MSG);
         }
 
         if ($hops <= 0) {
-            /**
-             * @see Zend_Session_Exception
-             */
-            require_once 'Zend/Session/Exception.php';
-            throw new Zend_Session_Exception('Hops must be positive number.');
+            throw new SessionException('Hops must be positive number.');
         }
 
         if ($variables === null) {
diff --git a/fproject/amf/session/SessionSaveHandlerInterface.php b/fproject/amf/session/SessionSaveHandlerInterface.php
new file mode 100644
index 0000000..8d208ed
--- /dev/null
+++ b/fproject/amf/session/SessionSaveHandlerInterface.php
@@ -0,0 +1,70 @@
+<?php
+///////////////////////////////////////////////////////////////////////////////
+//
+// © Copyright f-project.net 2010-present.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+namespace fproject\amf\session;
+
+interface SessionSaveHandlerInterface
+{
+
+    /**
+     * Open Session - retrieve resources
+     *
+     * @param string $save_path
+     * @param string $name
+     */
+    public function open($save_path, $name);
+
+    /**
+     * Close Session - free resources
+     *
+     */
+    public function close();
+
+    /**
+     * Read session data
+     *
+     * @param string $id
+     */
+    public function read($id);
+
+    /**
+     * Write Session - commit data to resource
+     *
+     * @param string $id
+     * @param mixed $data
+     */
+    public function write($id, $data);
+
+    /**
+     * Destroy Session - remove data from resource for
+     * given session id
+     *
+     * @param string $id
+     */
+    public function destroy($id);
+
+    /**
+     * Garbage Collection - remove old session data older
+     * than $maxLifetime (in seconds)
+     *
+     * @param int $maxLifetime
+     */
+    public function gc($maxLifetime);
+
+}
diff --git a/fproject/amf/session/SessionValidatorInterface.php b/fproject/amf/session/SessionValidatorInterface.php
new file mode 100644
index 0000000..731f2f4
--- /dev/null
+++ b/fproject/amf/session/SessionValidatorInterface.php
@@ -0,0 +1,41 @@
+<?php
+///////////////////////////////////////////////////////////////////////////////
+//
+// © Copyright f-project.net 2010-present.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+namespace fproject\amf\session;
+
+interface SessionValidatorInterface
+{
+
+    /**
+     * Setup() - this method will store the environment variables
+     * necessary to be able to validate against in future requests.
+     *
+     * @return void
+     */
+    public function setup();
+
+    /**
+     * Validate() - this method will be called at the beginning of
+     * every session to determine if the current environment matches
+     * that which was store in the setup() procedure.
+     *
+     * @return boolean
+     */
+    public function validate();
+}
diff --git a/tests/Zend/Amf/ServerTest.php b/tests/Zend/Amf/ServerTest.php
index 11f8667..a6bc678 100644
--- a/tests/Zend/Amf/ServerTest.php
+++ b/tests/Zend/Amf/ServerTest.php
@@ -32,7 +32,6 @@
 require_once 'Zend/Amf/Adobe/Auth.php';
 require_once 'ServiceA.php';
 require_once 'ServiceB.php';
-require_once 'Zend/Session.php';
 
 /**
  * @category   Zend
@@ -956,8 +955,8 @@ public function testSingleObjectParamaterAMF3()
      */
     public function testSessionAmf3()
     {
-        Zend_Session::$_unitTestEnabled = true;
-        Zend_Session::start();
+        \fproject\amf\session\Session::$_unitTestEnabled = true;
+        \fproject\amf\session\Session::start();
         $this->_server->setClass('Zend_Amf_testSession');
         $this->_server->setSession();
 
@@ -985,7 +984,7 @@ public function testSessionAmf3()
         $this->assertEquals('AppendToGatewayUrl',$headerBody[0]->name);
 
         // Do not stop session since it still can be used by other tests
-        // Zend_Session::stop();
+        // \fproject\amf\session\Session::stop();
     }
 
     public function testAddDirectory()