--- /dev/null
+#!/bin/sh
+
+[ -n "$include_session" ] && return 0
+include_session="$0"
+
+_DATE="$(date +%s)"
+SESSION_TIMEOUT="${SESSION_TIMEOUT:-7200}"
+
+server_key(){
+ IDFILE="${IDFILE:-${_DATA:-.}/serverkey}"
+ if [ "$(stat -c %s "$IDFILE")" -ne 512 ] || ! cat "$IDFILE"; then
+ dd count=1 bs=512 if=/dev/urandom \
+ | tee "$IDFILE"
+ fi 2>&-
+}
+
+slopecode(){
+ # 6-Bit Code that retains sort order of input data, while beeing safe to use
+ # in ascii transmissions, unix file names, HTTP URLs, and HTML attributes
+
+ uuencode -m - | sed '
+ 1d;$d;
+ y;ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/;0123456789:=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz;
+ '
+}
+
+randomid(){
+ dd bs=12 count=1 if=/dev/urandom 2>&- \
+ | slopecode
+}
+
+timeid(){
+ d=$(($_DATE % 4294967296))
+ { printf "$(
+ printf \\%o \
+ $((d / 16777216 % 256)) \
+ $((d / 65536 % 256)) \
+ $((d / 256 % 256)) \
+ $((d % 256))
+ )"
+ dd bs=8 count=1 if=/dev/urandom 2>&-
+ } | slopecode
+}
+
+checkid(){ grep -m 1 -xE '[0-9a-zA-Z:=]{16}'; }
+
+transid(){
+ # transaction ID to modify a given file
+ local file="$1"
+ { stat -c %F%i%n%N%s%Y "$file" 2>&-
+ printf %s "$SESSION_ID"
+ server_key
+ } | sha256sum | cut -d\ -f1
+}
+
+update_session(){
+ local session sid time sig serverkey checksig
+
+ IFS=- read -r sid time sig <<-END
+ $(POST session_key || COOKIE session)
+ END
+ serverkey="$(server_key)"
+
+ checksig="$(printf %s "$sid" "$time" "$serverkey" | sha256sum)"
+ checksig="${checksig%% *}"
+
+ if ! [ "$checksig" = "$sig" \
+ -a "$time" -ge "$_DATE" \
+ -a "$(printf %s "$sid" |checkid)" ] 2>&-
+ then
+ debug "Setting up new session"
+ sid="$(randomid)"
+ fi
+
+ time=$(( $_DATE + $SESSION_TIMEOUT ))
+ sig="$(printf %s "$sid" "$time" "$serverkey" |sha256sum)"
+ sig="${sig%% *}"
+ printf %s\\n "${sid}-${time}-${sig}"
+}
+
+SESSION_KEY="$(update_session)"
+SET_COOKIE 0 session="$SESSION_KEY" Path=/ SameSite=Strict HttpOnly
+SESSION_ID="${SESSION_KEY%%-*}"