diff --git a/DEembedq.php b/DEembedq.php
index 6d5e5a2071..6e88f354ce 100644
--- a/DEembedq.php
+++ b/DEembedq.php
@@ -16,9 +16,9 @@
 require("./assessment/displayq2.php");
 $GLOBALS['assessver'] = 1;
 
-$sessiondata = array();
-$sessiondata['graphdisp'] = 1;
-$sessiondata['mathdisp'] = 3;
+$_SESSION = array();
+$_SESSION['graphdisp'] = 1;
+$_SESSION['mathdisp'] = 3;
 $showtips = 2;
 $useeqnhelper = 4;
 $courseUIver = 1;
@@ -35,7 +35,7 @@
 }
 
 $qsetid=intval($_GET['id']);
-$sessiondata['coursetheme'] = $coursetheme;
+$_SESSION['coursetheme'] = $coursetheme;
 
 $page_formAction = "DEembedq.php?id=$qsetid";
 
diff --git a/OEAembedq.php b/OEAembedq.php
index 8831922fbd..e3fab6ecb1 100644
--- a/OEAembedq.php
+++ b/OEAembedq.php
@@ -16,7 +16,7 @@
 require("./assessment/displayq2.php");
 $GLOBALS['assessver'] = 2;
 
-$sessiondata = array();
+$_SESSION = array();
 
 $prefdefaults = array(
 	'mathdisp'=>6,
@@ -26,27 +26,27 @@
 	'livepreview'=>1);
 
 $prefcookie = json_decode($_COOKIE["OEAembeduserprefs"], true);
-$sessiondata['userprefs'] = array();
+$_SESSION['userprefs'] = array();
 foreach($prefdefaults as $key=>$def) {
 	if ($prefcookie!==null && isset($prefcookie[$key])) {
-		$sessiondata['userprefs'][$key] = filter_var($prefcookie[$key], FILTER_SANITIZE_NUMBER_INT);
+		$_SESSION['userprefs'][$key] = filter_var($prefcookie[$key], FILTER_SANITIZE_NUMBER_INT);
 	} else {
-		$sessiondata['userprefs'][$key] = $def;
+		$_SESSION['userprefs'][$key] = $def;
 	}
 }
 if (isset($_GET['graphdisp'])) { //currently same is used for graphdisp and drawentry
-	$sessiondata['userprefs']['graphdisp'] = filter_var($_GET['graphdisp'], FILTER_SANITIZE_NUMBER_INT);
-	$sessiondata['userprefs']['drawentry'] = filter_var($_GET['graphdisp'], FILTER_SANITIZE_NUMBER_INT);
+	$_SESSION['userprefs']['graphdisp'] = filter_var($_GET['graphdisp'], FILTER_SANITIZE_NUMBER_INT);
+	$_SESSION['userprefs']['drawentry'] = filter_var($_GET['graphdisp'], FILTER_SANITIZE_NUMBER_INT);
 	setcookie("OEAembeduserprefs", json_encode(array(
-		'graphdisp'=>$sessiondata['userprefs']['graphdisp'],
-		'drawentry'=>$sessiondata['userprefs']['drawentry']
+		'graphdisp'=>$_SESSION['userprefs']['graphdisp'],
+		'drawentry'=>$_SESSION['userprefs']['drawentry']
 		)),0,'','',false,true);
 }
 foreach(array('graphdisp','mathdisp','useed') as $key) {
-	$sessiondata[$key] = $sessiondata['userprefs'][$key];
+	$_SESSION[$key] = $_SESSION['userprefs'][$key];
 }
 
-$sessiondata['secsalt'] = "12345";
+$_SESSION['secsalt'] = "12345";
 $cid = "embedq";
 $showtips = 2;
 $useeqnhelper = 4;
@@ -94,7 +94,7 @@
 if (isset($_REQUEST['theme'])) {
 	$theme = preg_replace('/\W/','',$_REQUEST['theme']);
 	$page_formAction .= '&theme='.$theme;
-	$sessiondata['coursetheme'] = $theme.'.css';
+	$_SESSION['coursetheme'] = $theme.'.css';
 }
 
 
@@ -129,7 +129,7 @@ function sendresizemsg() {
 		});
 	}
 	</script>';
-if ($sessiondata['mathdisp']==1 || $sessiondata['mathdisp']==3) {
+if ($_SESSION['mathdisp']==1 || $_SESSION['mathdisp']==3) {
 	//in case MathJax isn't loaded yet
 	$placeinhead .= '<script type="text/x-mathjax-config">
 		MathJax.Hub.Queue(function () {
@@ -140,7 +140,7 @@ function sendresizemsg() {
 $useeditor = 1;
 require("./assessment/header.php");
 
-if ($sessiondata['graphdisp'] == 1) {
+if ($_SESSION['graphdisp'] == 1) {
 	echo '<div style="position:absolute;width:1px;height:1px;left:0px:top:-1px;overflow:hidden;"><a href="OEAembedq.php?'.Sanitize::encodeStringForDisplay($_SERVER['QUERY_STRING']).'&graphdisp=0">Enable text based alternatives for graph display and drawing entry</a></div>';
 } else {
 	echo '<div style="float:right;"><a href="OEAembedq.php?'.Sanitize::encodeStringForDisplay($_SERVER['QUERY_STRING']).'&graphdisp=1">Enable visual graph display and drawing entry</a></div>';
diff --git a/actions.php b/actions.php
index 042c831b36..5914f094b7 100644
--- a/actions.php
+++ b/actions.php
@@ -388,9 +388,6 @@
 
 	require("init.php");
 	if ($_GET['action']=="logout") {
-		$sessionid = session_id();
-		$stm = $DBH->prepare("DELETE FROM imas_sessions WHERE sessionid=?");
-		$stm->execute(array($sessionid));
 		$_SESSION = array();
 		if (isset($_COOKIE[session_name()])) {
 			setcookie(session_name(), '', time()-42000, '/', null, false, true);
@@ -783,15 +780,6 @@
 
 		}
 
-
-		/* moved above
-		if (isset($_POST['settimezone'])) {
-			if (date_default_timezone_set($_POST['settimezone'])) {
-				$tzname = $_POST['settimezone'];
-				$stm = $DBH->prepare("UPDATE imas_sessions SET tzname=:tzname WHERE sessionid=:sessionid");
-				$stm->execute(array(':tzname'=>$tzname, ':sessionid'=>$sessionid));
-			}
-		}*/
 	} else if ($_GET['action']=="forumwidgetsettings") {
 		$checked = $_POST['checked'];
 		$all = explode(',',$_POST['allcourses']);
@@ -810,14 +798,14 @@
 	}
 	if ($isgb) {
 		echo '<html><body>Changes Recorded.  <input type="button" onclick="parent.GB_hide()" value="Done" /></body></html>';
-	} else if (isset($sessiondata['ltiitemtype']) && $sessiondata['ltiitemtype']==0) {
+	} else if (isset($_SESSION['ltiitemtype']) && $_SESSION['ltiitemtype']==0) {
 		$stm = $DBH->prepare("SELECT courseid FROM imas_assessments WHERE id=:id");
-		$stm->execute(array(':id'=>$sessiondata['ltiitemid']));
+		$stm->execute(array(':id'=>$_SESSION['ltiitemid']));
 		$cid = Sanitize::courseId($stm->fetchColumn(0));
-		if (isset($sessiondata['ltiitemver']) && $sessiondata['ltiitemver'] > 1) {
-			header('Location: ' . $GLOBALS['basesiteurl'] . "/assess2/?cid=$cid&aid={$sessiondata['ltiitemid']}&r=".Sanitize::randomQueryStringParam());
+		if (isset($_SESSION['ltiitemver']) && $_SESSION['ltiitemver'] > 1) {
+			header('Location: ' . $GLOBALS['basesiteurl'] . "/assess2/?cid=$cid&aid={$_SESSION['ltiitemid']}&r=".Sanitize::randomQueryStringParam());
 		} else {
-			header('Location: ' . $GLOBALS['basesiteurl'] . "/assessment/showtest.php?cid=$cid&id={$sessiondata['ltiitemid']}&r=".Sanitize::randomQueryStringParam());
+			header('Location: ' . $GLOBALS['basesiteurl'] . "/assessment/showtest.php?cid=$cid&id={$_SESSION['ltiitemid']}&r=".Sanitize::randomQueryStringParam());
 		}
 	} else {
 		header('Location: ' . $GLOBALS['basesiteurl'] . "/index.php?r=" . Sanitize::randomQueryStringParam());
diff --git a/admin/actions.php b/admin/actions.php
index 230de7dea3..84f28d03ed 100644
--- a/admin/actions.php
+++ b/admin/actions.php
@@ -43,8 +43,7 @@
 	case "emulateuser":
 		if ($myrights < 100 ) { break;}
 		$be = $_REQUEST['uid'];
-		$stm = $DBH->prepare("UPDATE imas_sessions SET userid=:userid WHERE sessionid=:sessionid");
-		$stm->execute(array(':userid'=>$be, ':sessionid'=>$sessionid));
+		$_SESSION['userid'] = $be;
 		break;
 	case "chgrights":
 		if ($myrights < 75 && ($myspecialrights&16)!=16 && ($myspecialrights&32)!=32) { echo "You don't have the authority for this action"; break;}
@@ -403,9 +402,6 @@
 		}
 		break;
 	case "logout":
-		$sessionid = session_id();
-		$stm = $DBH->prepare("DELETE FROM imas_sessions WHERE sessionid=:sessionid");
-		$stm->execute(array(':sessionid'=>$sessionid));
 		$_SESSION = array();
 		if (isset($_COOKIE[session_name()])) {
 			setcookie(session_name(), '', time()-42000, '/', '',false ,true );
@@ -985,143 +981,6 @@ function updateoutcomes(&$arr) {
 			}
 		}
 		break;
-	/*
-	removed from production code - security risk
-	case "importmacros":
-		if ($myrights < 100 || !$allowmacroinstall) { echo "You don't have the authority for this action"; break;}
-		$uploaddir = rtrim(dirname("../config.php"), '/\\') .'/assessment/libs/';
-		$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
-		if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
-			if (strpos($uploadfile,'.php')!==FALSE) {
-				$handle = fopen($uploadfile, "r");
-				$atstart = true;
-				if ($handle) {
-					while (!feof($handle)) {
-						$buffer = fgets($handle, 4096);
-						if (strpos($buffer,"//")===0) {
-							$trimmed = trim(substr($buffer,2));
-							if ($trimmed{0}!='<' && substr($trimmed,-1)!='>') {
-								$numspaces = strlen(substr($buffer,2)) - strlen(ltrim(substr($buffer,2)));
-								$comments .= str_repeat('&nbsp;', $numspaces);
-								$comments .= $trimmed . '<br/>';
-							} else {
-								$comments .= $trimmed;
-							}
-						} else if (strpos($buffer,"function")===0) {
-							$func = substr($buffer,9,strpos($buffer,"(")-9);
-							if ($comments!='') {
-								$outlines .= "<h2><a name=\"$func\">$func</a></h2>\n";
-								$funcs[] = $func;
-								$outlines .= $comments;
-								$comments = '';
-							}
-						} else if ($atstart && trim($buffer)=='') {
-							$startcomments = $comments;
-							$atstart = false;
-							$comments = '';
-						} else {
-							$comments = '';
-						}
-					}
-				}
-				fclose($handle);
-				$lib = basename($uploadfile,".php");
-				$outfile = fopen($uploaddir . $lib.".html", "w");
-				fwrite($outfile,"<html><body>\n<h1>Macro Library $lib</h1>\n");
-				fwrite($outfile,$startcomments);
-				fwrite($outfile,"<ul>\n");
-				foreach($funcs as $func) {
-					fwrite($outfile,"<li><a href=\"#$func\">$func</a></li>\n");
-				}
-				fwrite($outfile,"</ul>\n");
-				fwrite($outfile, $outlines);
-				fclose($outfile);
-			}
-			break;
-		} else {
-			require("../header.php");
-			echo "<p>Error uploading file!</p>\n";
-			require("../footer.php");
-			exit;
-		}
-	*/
-	case "importqimages":
-		if ($myrights < 100 || !$allowmacroinstall) { echo "You don't have the authority for this action"; break;}
-		$uploaddir = rtrim(dirname(__FILE__), '/\\') .'/import/';
-		$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
-		if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
-			if (strpos($uploadfile,'.tar.gz')!==FALSE) {
-				include("../includes/tar.class.php");
-				require_once("../includes/filehandler.php");
-				$tar = new tar();
-				$tar->openTAR($uploadfile);
-				if ($tar->hasFiles()) {
-					if (getfilehandlertype('filehandlertypecfiles') == 's3') {
-						$n = $tar->extractToS3("qimages","public");
-					} else {
-						$n = $tar->extractToDir("../assessment/qimages/");
-					}
-					require("../header.php");
-					echo "<p>Extracted $n files.  <a href=\"admin2.php\">Continue</a></p>\n";
-					require("../footer.php");
-					exit;
-				} else {
-					require("../header.php");
-					echo "<p>File appears to contain nothing</p>\n";
-					require("../footer.php");
-					exit;
-				}
-
-			}
-			unlink($uploadfile);
-			break;
-		} else {
-			require("../header.php");
-			echo "<p>Error uploading file!</p>\n";
-			require("../footer.php");
-			exit;
-		}
-	case "importcoursefiles":
-		if ($myrights < 100 || !$allowmacroinstall) { echo "You don't have the authority for this action"; break;}
-		$uploaddir = rtrim(dirname(__FILE__), '/\\') .'/import/';
-		$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
-		if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
-			if (strpos($uploadfile,'.zip')!==FALSE && class_exists('ZipArchive')) {
-				require_once("../includes/filehandler.php");
-				$zip = new ZipArchive();
-				$res = $zip->open($uploadfile);
-				$ne = 0;  $ns = 0;
-				if ($res===true) {
-					for($i = 0; $i < $zip->numFiles; $i++) {
-						//if (file_exists("../course/files/".$zip->getNameIndex($i))) {
-						if (doesfileexist('cfile',$zip->getNameIndex($i))) {
-							$ns++;
-						} else {
-							$zip->extractTo("../course/files/", array($zip->getNameIndex($i)));
-							relocatecoursefileifneeded("../course/files/".$zip->getNameIndex($i),$zip->getNameIndex($i));
-							$ne++;
-						}
-					}
-					require("../header.php");
-					echo "<p>Extracted $ne files.  Skipped $ns files.  <a href=\"admin2.php\">Continue</a></p>\n";
-					require("../footer.php");
-					exit;
-				} else {
-					require("../header.php");
-					echo "<p>File appears to contain nothing</p>\n";
-					require("../footer.php");
-					exit;
-				}
-
-			}
-			unlink($uploadfile);
-			break;
-		} else {
-			require("../header.php");
-			echo "<p>Error uploading file!</p>\n";
-			require("../footer.php");
-			exit;
-		}
 	case "removeself":
 		if ($myrights < 20) {
 			echo 'Error: Unauthorized';
@@ -1301,8 +1160,7 @@ function updateoutcomes(&$arr) {
 			//check that code is valid and not a replay
 			if ($MFA->verifyCode($mfadata['secret'], $_POST['mfatoken']) &&
 			   ($_POST['mfatoken'] != $mfadata['last'] || time() - $mfadata['laston'] > 600)) {
-				$sessiondata['mfaverified'] = true;
-				writesessiondata();
+				$_SESSION['mfaverified'] = true;
 				$mfadata['last'] = $_POST['mfatoken'];
 				$mfadata['laston'] = time();
 				if (isset($_POST['mfatrust'])) {
diff --git a/admin/forms.php b/admin/forms.php
index 86f611a6a4..83805dad3f 100644
--- a/admin/forms.php
+++ b/admin/forms.php
@@ -1213,44 +1213,6 @@ function setCourse(course) {
 			echo '<p class=small>'._('Course Ancestors').': '.Sanitize::encodeStringForDisplay($line['ancestors']).'</p>';
 		}
 		break;
-	case "importmacros":
-		if ($myrights < 100) { echo "You don't have the authority for this action"; break;}
-
-		echo "<h2>Install Macro File</h2>\n";
-		echo "<p><b>Warning:</b> Macro Files have a large security risk.  <b>Only install macro files from a trusted source</b></p>\n";
-		echo "<p><b>Warning:</b> Install will overwrite any existing macro file of the same name</p>\n";
-		echo "<form enctype=\"multipart/form-data\" method=post action=\"actions.php?from=".Sanitize::encodeUrlParam($from)."\">\n";
-		echo '<input type=hidden name=action value="importmacros" />';
-		echo "<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"300000\" />\n";
-		echo "<span class=form>Import file: </span><span class=formright><input name=\"userfile\" type=\"file\" /></span><br class=form>\n";
-		echo "<div class=submit><input type=submit value=\"Submit\"></div>\n";
-		echo "</form>\n";
-		break;
-
-	case "importqimages":
-		if ($myrights < 100) { echo "You don't have the authority for this action"; break;}
-		echo "<h2>Install Question Images</h2>\n";
-		echo "<p><b>Warning:</b> This has a large security risk.  <b>Only install question images from a trusted source</b>, and where you've verified the archive only contains images.</p>\n";
-		echo "<p><b>Warning:</b> Install will ignore files with the same filename as existing files.</p>\n";
-		echo "<form enctype=\"multipart/form-data\" method=post action=\"actions.php?from=".Sanitize::encodeUrlParam($from)."\">\n";
-		echo '<input type=hidden name=action value="importqimages" />';
-		echo "<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"5000000\" />\n";
-		echo "<span class=form>Import file: </span><span class=formright><input name=\"userfile\" type=\"file\" /></span><br class=form>\n";
-		echo "<div class=submit><input type=submit value=\"Submit\"></div>\n";
-		echo "</form>\n";
-		break;
-	case "importcoursefiles":
-		if ($myrights < 100) { echo "You don't have the authority for this action"; break;}
-		echo "<h2>Install Course files</h2>\n";
-		echo "<p><b>Warning:</b> This has a large security risk.  <b>Only install course files from a trusted source</b>, and where you've verified the archive only contains regular files (no PHP files).</p>\n";
-		echo "<p><b>Warning:</b> Install will ignore files with the same filename as existing files.</p>\n";
-		echo "<form enctype=\"multipart/form-data\" method=post action=\"actions.php?from=".Sanitize::encodeUrlParam($from)."\">\n";
-		echo '<input type=hidden name=action value="importcoursefiles" />';
-		echo "<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"10000000\" />\n";
-		echo "<span class=form>Import file: </span><span class=formright><input name=\"userfile\" type=\"file\" /></span><br class=form>\n";
-		echo "<div class=submit><input type=submit value=\"Submit\"></div>\n";
-		echo "</form>\n";
-		break;
 	case "deloldusers":
 		if ($myrights < 100) { echo "You don't have the authority for this action"; break;}
 		echo "<h2>Delete Old Users</h2>\n";
diff --git a/admin/importitems.php b/admin/importitems.php
index 23531e1e6f..5f6a1c2015 100644
--- a/admin/importitems.php
+++ b/admin/importitems.php
@@ -13,7 +13,7 @@
 require("../init.php");
 require_once(__DIR__ . "/../includes/htmLawed.php");
 require("../includes/safeunserialize.php");
-
+require_once("../includes/filehandler.php");
 
 /*** pre-html data manipulation, including function code *******/
 function getsubinfo($items,$parent,$pre) {
@@ -624,9 +624,11 @@ function copysub($items,$parent,&$addtoarr) {
 
 	//FORM HAS BEEN POSTED, STEP 3 DATA MANIPULATION
 	if (isset($_POST['process'])) {
-		$filename = rtrim(dirname(__FILE__), '/\\') .'/import/' . Sanitize::sanitizeFilenameAndCheckBlacklist($_POST['filename']);
+		//$filename = rtrim(dirname(__FILE__), '/\\') .'/import/' . Sanitize::sanitizeFilenameAndCheckBlacklist($_POST['filename']);
+		$filename = getimportfilepath(Sanitize::simplestring($_POST['filekey']));
 		list ($desc,$itemlist,$item,$questions,$qset,$sourceinstall,$ownerid) = parsefile($filename);
-
+		deleteimport(Sanitize::simplestring($_POST['filekey']));
+		
 		$userights = $_POST['userights'];
 		$newlibs = explode(",",array_map('intval',$_POST['libs']));
 
@@ -666,20 +668,23 @@ function copysub($items,$parent,&$addtoarr) {
 		exit;
 	} elseif ($_FILES['userfile']['name']!='') { //STEP 2 DATA MANIPULATION
 		$page_fileErrorMsg = "";
-		$uploaddir = rtrim(dirname(__FILE__), '/\\') .'/import/';
-		$uploadfile = $uploaddir . Sanitize::sanitizeFilenameAndCheckBlacklist($_FILES['userfile']['name']);
-		if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
-			$page_fileHiddenInput = "<input type=hidden name=\"filename\" value=\"".Sanitize::encodeStringForDisplay(basename($uploadfile))."\" />\n";
+
+		list ($desc,$itemlist,$item,$questions,$qset,$sourceinstall,$ownerid) = parsefile(realpath($_FILES['userfile']['tmp_name']));
+
+		if (!isset($desc)) {
+			$page_fileErrorMsg .=  "This does not appear to be a course items file.  It may be ";
+			$page_fileErrorMsg .=  "a question or library export.\n";
+		}
+
+		if ($filekey = storeimportfile('userfile')) {
+			$page_fileHiddenInput = "<input type=hidden name=\"filekey\" value=\"".Sanitize::encodeStringForDisplay($filekey)."\" />\n";
 		} else {
 			echo "<p>Error uploading file!</p>\n";
 			echo Sanitize::encodeStringForDisplay($_FILES["userfile"]['error']);
 			exit;
 		}
-		list ($desc,$itemlist,$item,$questions,$qset,$sourceinstall,$ownerid) = parsefile($uploadfile);
-		if (!isset($desc)) {
-			$page_fileErrorMsg .=  "This does not appear to be a course items file.  It may be ";
-			$page_fileErrorMsg .=  "a question or library export.\n";
-		}
+
+
 
 		$items = safe_unserialize($itemlist);
 		$ids = array();
@@ -772,7 +777,7 @@ function chkgrp(frm, arr, mark) {
 				<option value="4">Allow use and modifications by all</option>
 			</select>
 			<br/><input type="checkbox" name="reuseqrights" checked /> Use rights in import, if available.
-			
+
 		</p>
 		<p>
 
diff --git a/admin/importitems2.php b/admin/importitems2.php
index 90da879417..bae11607ce 100644
--- a/admin/importitems2.php
+++ b/admin/importitems2.php
@@ -37,13 +37,14 @@
 } else if (isset($_POST['process'])) {
 	//FORM HAS BEEN POSTED, STEP 3 DATA MANIPULATION - do import
 
-	$uploaddir = __DIR__.'/import/';
-	$uploadfile = $uploaddir . Sanitize::sanitizeFilenameAndCheckBlacklist($_POST['filename']);
+  $filekey = Sanitize::simplestring($_POST['filekey']);
+  $uploadfile = getimportfilepath($filekey);
+
 	$data = json_decode(file_get_contents($uploadfile), true);
   if (!isset($data['course']['UIver'])) {
     $data['course']['UIver'] = 1;
   }
-  
+
 	$options = array();
 	foreach (array('courseopt','gbsetup','offline','calitems','stickyposts') as $n) {
 		if (isset($_POST['import'.$n])) {
@@ -85,19 +86,18 @@
 		$body .= Sanitize::encodeStringForDisplay($k.': '.$v).'<br/>';
 	}
 	$body .= '</p><p><a href="../course/course.php?cid='.$cid.'">Done</a><p>';
-
+  deleteimport($filekey);
 } elseif ($_FILES['userfile']['name']!='') {
 	//STEP 2 DATA MANIPULATION - parse input file
 	$page_fileErrorMsg = "";
-	$uploaddir = __DIR__.'/import/';
-	$uploadfile = $uploaddir . Sanitize::sanitizeFilenameAndCheckBlacklist($_FILES['userfile']['name']);
-	if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
-		$page_fileHiddenInput = '<input type=hidden name="filename" value="'.Sanitize::encodeStringForDisplay(basename($uploadfile)).'" />';
-	} else {
-		echo "<p>Error uploading file!</p>\n";
-		echo Sanitize::encodeStringForDisplay($_FILES["userfile"]['error']);
-		exit;
-	}
+  if ($filekey = storeimportfile('userfile')) {
+    $page_fileHiddenInput = "<input type=hidden name=\"filekey\" value=\"".Sanitize::encodeStringForDisplay($filekey)."\" />\n";
+  } else {
+    echo "<p>Error uploading file!</p>\n";
+    echo Sanitize::encodeStringForDisplay($_FILES["userfile"]['error']);
+    exit;
+  }
+  $uploadfile = getimportfilepath($filekey);
 	$data = json_decode(file_get_contents($uploadfile), true);
 	if ($data===null || !isset($data['course'])) {
 		$page_fileErrorMsg .=  "This does not appear to be a course items file.  It may be ";
diff --git a/admin/importitemsfuncs.php b/admin/importitemsfuncs.php
index 5d4ac5ade3..362f441e7d 100644
--- a/admin/importitemsfuncs.php
+++ b/admin/importitemsfuncs.php
@@ -30,6 +30,14 @@ function getsubinfo($items,$parent,$pre) {
 	}
 }
 
+function ecount($v) {
+	if (is_array($v)) {
+		return count($v);
+	} else {
+		return 0;
+	}
+}
+
 class ImportItemClass
 {
 
@@ -215,12 +223,12 @@ public function importdata($data, $cid, $checked, $options) {
 	return array(
 		'Questions Added'=>$this->qsadded,
 		'Questions Updated'=>$this->qmodcnt,
-		'InlineText Imported'=>count($this->typemap['InlineText']),
-		'Linked Imported'=>count($this->typemap['LinkedText']),
-		'Forums Imported'=>count($this->typemap['Forum']),
-		'Assessments Imported'=>count($this->typemap['Assessment']),
-		'Drills Imported'=>count($this->typemap['Drill']),
-		'Wikis Imported'=>count($this->typemap['Wiki'])
+		'InlineText Imported'=>ecount($this->typemap['InlineText']),
+		'Linked Imported'=>ecount($this->typemap['LinkedText']),
+		'Forums Imported'=>ecount($this->typemap['Forum']),
+		'Assessments Imported'=>ecount($this->typemap['Assessment']),
+		'Drills Imported'=>ecount($this->typemap['Drill']),
+		'Wikis Imported'=>ecount($this->typemap['Wiki'])
 		);
 }
 
diff --git a/admin/importlib.php b/admin/importlib.php
index ee0db74567..92bef3c529 100644
--- a/admin/importlib.php
+++ b/admin/importlib.php
@@ -153,6 +153,7 @@ function writeq($qd,$rights,$qn) {
 		$nogz = false;
 		$handle = gzopen($file,"r");
 	}
+
 	$line = '';
 	while ((!$nogz || !feof($handle)) && ($nogz || !gzeof($handle))) {
 		if ($nogz) {
@@ -340,11 +341,12 @@ function parselibs($file) {
 
 	//FORM HAS BEEN POSTED, STEP 3 DATA MANIPULATION
 	if (isset($_POST['process'])) {
-		$filename = rtrim(dirname(__FILE__), '/\\') .'/import/' . Sanitize::sanitizeFilenameAndCheckBlacklist($_POST['filename']);
+		$filekey = Sanitize::simplestring($_POST['filekey']);
+		$uploadfile = getimportfilepath($filekey);
 
 		$libstoadd = array_map('intval',$_POST['libs']);
 
-		list($packname,$names,$parents,$libitems,$unique,$lastmoddate,$ownerid,$userights,$sourceinstall) = parselibs($filename);
+		list($packname,$names,$parents,$libitems,$unique,$lastmoddate,$ownerid,$userights,$sourceinstall) = parselibs($uploadfile);
 
 		$root = Sanitize::onlyInt(trim($_POST['parent']));
         $librights = Sanitize::onlyInt(trim($_POST['librights']));
@@ -436,7 +438,7 @@ function parselibs($file) {
 		}
 
 		//write questions, get qsetids
-		$qids = parseqs($filename,$touse,$qrights);
+		$qids = parseqs($uploadfile,$touse,$qrights);
 		if (count($qids)>0) {
 			//resolve any includecodefrom links
 			$qidstocheck = implode(',', array_map('intval', $qids));
@@ -522,7 +524,7 @@ function parselibs($file) {
 		}
 		$DBH->commit();
 
-		unlink($filename);
+		deleteimport($filekey);
 		$page_uploadSuccessMsg = "Import Successful.<br>\n";
 		$page_uploadSuccessMsg .= "New Libraries: $newl.<br>";
 		$page_uploadSuccessMsg .= "New Questions: $newq.<br>";
@@ -533,14 +535,14 @@ function parselibs($file) {
 
 	} elseif ($_FILES['userfile']['name']!='') { // STEP 2 DATA MANIPULATION
 		$page_fileErrorMsg = "";
-		$uploaddir = rtrim(dirname(__FILE__), '/\\') .'/import/';
-		$uploadfile = $uploaddir . Sanitize::sanitizeFilenameAndCheckBlacklist($_FILES['userfile']['name']);
-
-		if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
-			$page_fileHiddenInput = "<input type=hidden name=\"filename\" value=\"".Sanitize::encodeStringForDisplay(basename($uploadfile))."\" />\n";
-		} else {
-			$page_fileErrorMsg .= "<p>Error uploading file!</p>\n";
-		}
+		if ($filekey = storeimportfile('userfile')) {
+	    $page_fileHiddenInput = "<input type=hidden name=\"filekey\" value=\"".Sanitize::encodeStringForDisplay($filekey)."\" />\n";
+	  } else {
+	    echo "<p>Error uploading file!</p>\n";
+	    echo Sanitize::encodeStringForDisplay($_FILES["userfile"]['error']);
+	    exit;
+	  }
+		$uploadfile = getimportfilepath($filekey);
 
 		list($packname,$names,$parents,$libitems,$unique,$lastmoddate,$ownerid,$userights,$sourceinstall) = parselibs($uploadfile);
 
diff --git a/admin/importstu.php b/admin/importstu.php
index a437bcbf3d..c2740539e6 100644
--- a/admin/importstu.php
+++ b/admin/importstu.php
@@ -6,6 +6,7 @@
 require("../init.php");
 require("../includes/htmlutil.php");
 require("../includes/newusercommon.php");
+require_once("../includes/filehandler.php");
 
 /*** pre-html data manipulation, including function code *******/
 // Reads past the UTF-8 bom if it is there.
@@ -116,9 +117,10 @@ function parsecsv($data) {
 		$stm = $DBH->prepare("SELECT deflatepass FROM imas_courses WHERE id=:cid");
 		$stm->execute(array(':cid'=>$ncid));
 		$deflatepass = $stm->fetchColumn(0);
-		
-		$filename = rtrim(dirname(__FILE__), '/\\') .'/import/' . Sanitize::sanitizeFilenameAndCheckBlacklist($_POST['filename']);
-		$handle = fopen_utf8($filename,'r');
+
+    $filekey = Sanitize::simplestring($_POST['filekey']);
+    $uploadfile = getimportfilepath($filekey);
+    $handle = fopen_utf8($uploadfile,'r');
 		if ($_POST['hdr']==1) {
 			$data = fgetcsv($handle,2096);
 		}
@@ -186,7 +188,7 @@ function parsecsv($data) {
 		}
 
 		fclose($handle);
-		unlink($filename);
+		deleteimport($filekey);
 		$overwriteBody = 1;
 		$body = "Import Successful<br/>\n";
 		$body .= "<p>";
@@ -198,15 +200,15 @@ function parsecsv($data) {
 		$body .= "</a></p>\n";
 
 	} elseif (isset($_FILES['userfile'])) {  //STEP 2 DATA MANIPULATION
-		$uploaddir = rtrim(dirname(__FILE__), '/\\') .'/import/';
-		$uploadfile = $uploaddir . Sanitize::sanitizeFilenameAndCheckBlacklist($_FILES['userfile']['name']);
-		if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
-			$uploadfilename = basename($uploadfile);
-			$page_fileHiddenInput = "<input type=hidden name=\"filename\" value=\"".Sanitize::encodeStringForDisplay($uploadfilename)."\" />\n";
-		} else {
-			$overwriteBody = 1;
-			$body = "<p>Error uploading file!</p>\n";
-		}
+    if ($filekey = storeimportfile('userfile')) {
+      $page_fileHiddenInput = "<input type=hidden name=\"filekey\" value=\"".Sanitize::encodeStringForDisplay($filekey)."\" />\n";
+    } else {
+      echo "<p>Error uploading file!</p>\n";
+      echo Sanitize::encodeStringForDisplay($_FILES["userfile"]['error']);
+      exit;
+    }
+    $uploadfile = getimportfilepath($filekey);
+    
 		$handle = fopen_utf8($uploadfile,'r');
 		if ($_POST['hdr']==1) {
 			$data = fgetcsv($handle,2096);
@@ -297,7 +299,7 @@ function parsecsv($data) {
 ?>
 			</tbody>
 			</table>
- 
+
 <?php
 		foreach($_POST as $k=>$v) {
 			echo "<input type=hidden name=\"" . Sanitize::encodeStringForDisplay($k) . "\" value=\"".Sanitize::encodeStringForDisplay($v)."\">\n";
diff --git a/assess2/common_start.php b/assess2/common_start.php
index c16869860e..5004d866d5 100644
--- a/assess2/common_start.php
+++ b/assess2/common_start.php
@@ -22,7 +22,7 @@
 
 $canViewAll = $isteacher || $istutor;
 $isActualTeacher = $isteacher && !isset($instrPreviewId);
-$isRealStudent = (isset($studentid) && !isset($sessiondata['stuview']));
+$isRealStudent = (isset($studentid) && !isset($_SESSION['stuview']));
 
 if (!$isRealStudent) {
   $studentinfo = array('latepasses' => 0, 'timelimitmult' => 1);
@@ -73,7 +73,7 @@ function prepDateDisp(&$out) {
 
 $useeditor = 1;
 
-if (isset($CFG['GEN']['keeplastactionlog']) && isset($sessiondata['loginlog'.$testsettings['courseid']])) {
+if (isset($CFG['GEN']['keeplastactionlog']) && isset($_SESSION['loginlog'.$testsettings['courseid']])) {
   $stm = $DBH->prepare("UPDATE imas_login_log SET lastaction=:lastaction WHERE id=:id");
   $stm->execute(array(':lastaction'=>time(), ':id'=>$_GET['cid']));
 }
diff --git a/assess2/displayq3.php b/assess2/displayq3.php
index b4b6a061f9..2e7e794aaf 100644
--- a/assess2/displayq3.php
+++ b/assess2/displayq3.php
@@ -583,7 +583,7 @@ function displayq($qnidx,$qidx,$seed,$doshowans,$showhints,$attemptn,$partattemp
 		if ($qdata['extref']!= '') {
 			$extref = explode('~~',$qdata['extref']);
 
-			if (isset($GLOBALS['questions']) && (!isset($GLOBALS['sessiondata']['isteacher']) || $GLOBALS['sessiondata']['isteacher']==false) && !isset($GLOBALS['sessiondata']['stuview'])) {
+			if (isset($GLOBALS['questions']) && (!isset($_SESSION['isteacher']) || $_SESSION['isteacher']==false) && !isset($_SESSION['stuview'])) {
 				$qref = $GLOBALS['questions'][$qnidx].'-'.($qnidx+1);
 			} else {
 				$qref = '';
@@ -602,7 +602,7 @@ function displayq($qnidx,$qidx,$seed,$doshowans,$showhints,$attemptn,$partattemp
 			}
 		}
 		if (($qdata['solutionopts']&2)==2 && $qdata['solution']!='') {
-			$addr = $GLOBALS['basesiteurl'] . "/assessment/showsoln.php?id=".$qidx.'&sig='.md5($qidx.$GLOBALS['sessiondata']['secsalt']);
+			$addr = $GLOBALS['basesiteurl'] . "/assessment/showsoln.php?id=".$qidx.'&sig='.md5($qidx.$_SESSION['secsalt']);
 			$addr .= '&t='.($qdata['solutionopts']&1).'&cid='.$GLOBALS['cid'];
 			if ($GLOBALS['cid']=='embedq' && isset($GLOBALS['theme'])) {
 				$addr .= '&theme='.Sanitize::encodeUrlParam($GLOBALS['theme']);
@@ -1711,7 +1711,7 @@ function makeanswerbox($anstype, $qn, $la, $options,$multi,$colorbox='') {
 		if ($useeqnhelper) {
 			$params['helper'] = 1;
 		}
-		if (!isset($hidepreview) && $GLOBALS['sessiondata']['userprefs']['livepreview']==1) {
+		if (!isset($hidepreview) && $_SESSION['userprefs']['livepreview']==1) {
 			$params['preview'] = 1;
 		}
 		$params['calcformat'] = $answerformat;
@@ -2067,7 +2067,7 @@ function makeanswerbox($anstype, $qn, $la, $options,$multi,$colorbox='') {
 		if ($useeqnhelper) {
 			$params['helper'] = 1;
 		}
-		if (!isset($hidepreview) && $GLOBALS['sessiondata']['userprefs']['livepreview']==1) {
+		if (!isset($hidepreview) && $_SESSION['userprefs']['livepreview']==1) {
 			$params['preview'] = 1;
 		}
 		$params['calcformat'] = Sanitize::encodeStringForDisplay($answerformat);
@@ -2265,7 +2265,7 @@ function makeanswerbox($anstype, $qn, $la, $options,$multi,$colorbox='') {
 		if ($useeqnhelper) {
 			$params['helper'] = 1;
 		}
-		if (!isset($hidepreview) && $GLOBALS['sessiondata']['userprefs']['livepreview']==1) {
+		if (!isset($hidepreview) && $_SESSION['userprefs']['livepreview']==1) {
 			$params['preview'] = 1;
 		}
 
@@ -2328,7 +2328,7 @@ function makeanswerbox($anstype, $qn, $la, $options,$multi,$colorbox='') {
 		if ($useeqnhelper) {
 			$params['helper'] = 1;
 		}
-		if (!isset($hidepreview) && $GLOBALS['sessiondata']['userprefs']['livepreview']==1) {
+		if (!isset($hidepreview) && $_SESSION['userprefs']['livepreview']==1) {
 			$params['preview'] = 1;
 		}
 
@@ -2389,7 +2389,7 @@ function makeanswerbox($anstype, $qn, $la, $options,$multi,$colorbox='') {
 		if ($useeqnhelper) {
 			$params['helper'] = 1;
 		}
-		if (!isset($hidepreview) && $GLOBALS['sessiondata']['userprefs']['livepreview']==1) {
+		if (!isset($hidepreview) && $_SESSION['userprefs']['livepreview']==1) {
 			$params['preview'] = 1;
 		}
 		$params['calcformat'] = $answerformat;
@@ -2511,7 +2511,7 @@ function makeanswerbox($anstype, $qn, $la, $options,$multi,$colorbox='') {
 			if ($useeqnhelper && $displayformat == 'usepreview') {
 				$params['helper'] = 1;
 			}
-			if (!isset($hidepreview) && $GLOBALS['sessiondata']['userprefs']['livepreview']==1) {
+			if (!isset($hidepreview) && $_SESSION['userprefs']['livepreview']==1) {
 				$params['preview'] = 1;
 			}
 			$params['calcformat'] = $answerformat;
@@ -2670,7 +2670,7 @@ function makeanswerbox($anstype, $qn, $la, $options,$multi,$colorbox='') {
 
 		$ansformats = array_map('trim',explode(',',$answerformat));
 
-		if (in_array('normalcurve',$ansformats) && $GLOBALS['sessiondata']['graphdisp']!=0) {
+		if (in_array('normalcurve',$ansformats) && $_SESSION['graphdisp']!=0) {
 			$top = _('Enter your answer by selecting the shade type, and by clicking and dragging the sliders on the normal curve');
 			$shorttip = _('Adjust the sliders');
 		} else {
@@ -2687,7 +2687,7 @@ function makeanswerbox($anstype, $qn, $la, $options,$multi,$colorbox='') {
 			}
 			$shorttip = _('Enter an interval using interval notation');
 		}
-		if (in_array('normalcurve',$ansformats) && $GLOBALS['sessiondata']['graphdisp']!=0) {
+		if (in_array('normalcurve',$ansformats) && $_SESSION['graphdisp']!=0) {
 			$out .=  '<div style="background:#fff;padding:10px;">';
 			$out .=  '<p style="margin:0px";>Shade: <select id="shaderegions'.$qn.'" onchange="imathasDraw.chgnormtype(this.id.substring(12));"><option value="1L">' . _('Left of a value') . '</option><option value="1R">' . _('Right of a value') . '</option>';
 			$out .=  '<option value="2B">' . _('Between two values') . '</option><option value="2O">' . _('2 regions') . '</option></select>. ' . _('Click and drag the arrows to adjust the values.');
@@ -2726,7 +2726,7 @@ function makeanswerbox($anstype, $qn, $la, $options,$multi,$colorbox='') {
 		if ($useeqnhelper) {
 			$params['helper'] = 1;
 		}
-		if (in_array('normalcurve',$ansformats) && $GLOBALS['sessiondata']['graphdisp']!=0) {
+		if (in_array('normalcurve',$ansformats) && $_SESSION['graphdisp']!=0) {
 			$classes[] = 'pseudohidden';
 			$params['format'] = 'normslider';
 		}
@@ -2741,7 +2741,7 @@ function makeanswerbox($anstype, $qn, $la, $options,$multi,$colorbox='') {
 			$answer = str_replace('"','',$answer);
 		}
 		if (isset($answer)) {
-			if (in_array('normalcurve',$ansformats) && $GLOBALS['sessiondata']['graphdisp']!=0) {
+			if (in_array('normalcurve',$ansformats) && $_SESSION['graphdisp']!=0) {
 				$sa .=  '<div style="position: relative; width: 500px; height:200px;padding:0px;background:#fff;">';
 				$answer = preg_replace('/\s/','',$answer);
 				if (preg_match('/\(-oo,([\-\d\.]+)\)U\(([\-\d\.]+),oo\)/',$answer,$matches)) {
@@ -3008,10 +3008,10 @@ function makeanswerbox($anstype, $qn, $la, $options,$multi,$colorbox='') {
 				$settings[7] = $newheight;
 			}
 		}
-		if ($GLOBALS['sessiondata']['userprefs']['drawentry']==1 && $GLOBALS['sessiondata']['graphdisp']==0) {
+		if ($_SESSION['userprefs']['drawentry']==1 && $_SESSION['graphdisp']==0) {
 			//can't imagine why someone would pick this, but if they do, need to set graphdisp to 2 temporarily
 			$revertgraphdisp = true;
-			$GLOBALS['sessiondata']['graphdisp']=2;
+			$_SESSION['graphdisp']=2;
 		} else {
 			$revertgraphdisp = false;
 		}
@@ -3045,7 +3045,7 @@ function makeanswerbox($anstype, $qn, $la, $options,$multi,$colorbox='') {
 		if (isset($GLOBALS['hidedrawcontrols'])) {
 			$out .= $plot;
 		} else {
-			if ($GLOBALS['sessiondata']['userprefs']['drawentry']==0) { //accessible entry
+			if ($_SESSION['userprefs']['drawentry']==0) { //accessible entry
 				$bg = 'a11ydraw:'.implode(',', $answerformat);
 				$out .= '<p>'._('Graph to add drawings to:').'</p>';
 				$out .= '<p>'.$plot.'</p>';
@@ -3299,7 +3299,7 @@ function makeanswerbox($anstype, $qn, $la, $options,$multi,$colorbox='') {
 			}
 		}
 		if ($revertgraphdisp) {
-			$GLOBALS['sessiondata']['graphdisp']=0;
+			$_SESSION['graphdisp']=0;
 		}
 		$tip = _('Enter your answer by drawing on the graph.');
 		if (isset($answers)) {
@@ -3476,8 +3476,8 @@ function makeanswerbox($anstype, $qn, $la, $options,$multi,$colorbox='') {
 		$out .= getcolormark($colorbox);
 		if ($colorbox!='') { $out .= '</span>';}
 		if ($la!='') {
-			if (isset($GLOBALS['testsettings']) && isset($GLOBALS['sessiondata']['groupid']) && $GLOBALS['testsettings']>0 && $GLOBALS['sessiondata']['groupid']>0) {
-				$s3asid = 'grp'.$GLOBALS['sessiondata']['groupid'].'/'.$GLOBALS['testsettings']['id'];
+			if (isset($GLOBALS['testsettings']) && isset($_SESSION['groupid']) && $GLOBALS['testsettings']>0 && $_SESSION['groupid']>0) {
+				$s3asid = 'grp'.$_SESSION['groupid'].'/'.$GLOBALS['testsettings']['id'];
 			} else if (isset($GLOBALS['asid'])) {
 				$s3asid = $GLOBALS['asid'];
 			}
diff --git a/assess2/gbviewassess.php b/assess2/gbviewassess.php
index 3c3feee69d..f77ace8a96 100644
--- a/assess2/gbviewassess.php
+++ b/assess2/gbviewassess.php
@@ -30,11 +30,11 @@
   $exitUrl = $GLOBALS['basesiteurl'] . "/course/gradebook.php?stu=$stu&cid=$cid";
 }
 
-$isltilimited = (isset($sessiondata['ltiitemtype']) && $sessiondata['ltiitemtype']==0);
+$isltilimited = (isset($_SESSION['ltiitemtype']) && $_SESSION['ltiitemtype']==0);
 $inTreeReader = (strpos($_SERVER['HTTP_REFERER'],'treereader') !== false);
-$isdiag = isset($sessiondata['isdiag']);
+$isdiag = isset($_SESSION['isdiag']);
 if ($isdiag) {
-  $diagid = Sanitize::onlyInt($sessiondata['isdiag']);
+  $diagid = Sanitize::onlyInt($_SESSION['isdiag']);
   $hideAllHeaderNav = true;
 }
 
@@ -63,7 +63,7 @@
 $useeditor = 1;
 require('../header.php');
 
-if ((!$isltilimited || $sessiondata['ltirole']!='learner') && !$inTreeReader && !$isdiag) {
+if ((!$isltilimited || $_SESSION['ltirole']!='learner') && !$inTreeReader && !$isdiag) {
   echo "<div class=breadcrumb>";
   if ($isltilimited) {
     echo "$breadcrumbbase ";
diff --git a/assess2/index.php b/assess2/index.php
index 3f7e33e45a..8389aff367 100644
--- a/assess2/index.php
+++ b/assess2/index.php
@@ -16,11 +16,11 @@
 $cid = Sanitize::onlyInt($_GET['cid']);
 $aid = Sanitize::onlyInt($_GET['aid']);
 
-$isltilimited = (isset($sessiondata['ltiitemtype']) && $sessiondata['ltiitemtype']==0);
+$isltilimited = (isset($_SESSION['ltiitemtype']) && $_SESSION['ltiitemtype']==0);
 $inTreeReader = (strpos($_SERVER['HTTP_REFERER'],'treereader') !== false);
-$isdiag = isset($sessiondata['isdiag']);
+$isdiag = isset($_SESSION['isdiag']);
 if ($isdiag) {
-  $diagid = Sanitize::onlyInt($sessiondata['isdiag']);
+  $diagid = Sanitize::onlyInt($_SESSION['isdiag']);
   $hideAllHeaderNav = true;
 }
 
@@ -50,7 +50,7 @@
 $useeditor = 1;
 require('../header.php');
 
-if ((!$isltilimited || $sessiondata['ltirole']!='learner') && !$inTreeReader && !$isdiag) {
+if ((!$isltilimited || $_SESSION['ltirole']!='learner') && !$inTreeReader && !$isdiag) {
   echo "<div class=breadcrumb>";
   if ($isltilimited) {
     echo "$breadcrumbbase ", _('Assessment'), "</div>";
diff --git a/assess2/loadassess.php b/assess2/loadassess.php
index fa6884904e..217ceb13d9 100644
--- a/assess2/loadassess.php
+++ b/assess2/loadassess.php
@@ -96,10 +96,10 @@
 $assessInfoOut['userid'] = $uid;
 
 //set is_lti and is_diag
-$assessInfoOut['is_lti'] = isset($sessiondata['ltiitemtype']) && $sessiondata['ltiitemtype']==0;
-$assessInfoOut['is_diag'] = isset($sessiondata['isdiag']);
+$assessInfoOut['is_lti'] = isset($_SESSION['ltiitemtype']) && $_SESSION['ltiitemtype']==0;
+$assessInfoOut['is_diag'] = isset($_SESSION['isdiag']);
 if ($assessInfoOut['is_lti']) {
-  $assessInfoOut['has_ltisourcedid'] = !empty($sessiondata['lti_lis_result_sourcedid'.$aid]);
+  $assessInfoOut['has_ltisourcedid'] = !empty($_SESSION['lti_lis_result_sourcedid'.$aid]);
 }
 
 //set has password
@@ -180,8 +180,8 @@
   $assessInfoOut['diag_userid'] = substr($username,0,strpos($username,'~'));
 }
 
-$assessInfoOut['useMQ'] = (!isset($sessiondata['userprefs']['useeqed']) ||
-  $sessiondata['userprefs']['useeqed'] == 1);
+$assessInfoOut['useMQ'] = (!isset($_SESSION['userprefs']['useeqed']) ||
+  $_SESSION['userprefs']['useeqed'] == 1);
 
 //prep date display
 prepDateDisp($assessInfoOut);
diff --git a/assess2/loadquestion.php b/assess2/loadquestion.php
index 4502233d1f..eaf7ca4d7b 100644
--- a/assess2/loadquestion.php
+++ b/assess2/loadquestion.php
@@ -148,30 +148,29 @@
 
 // Try a Similar Question, if requested
 if ($doRegen) {
-  if (!isset($sessiondata['regendelay'])) {
-    $sessiondata['regendelay'] = 2;
+  if (!isset($_SESSION['regendelay'])) {
+    $_SESSION['regendelay'] = 2;
   }
-  if (isset($sessiondata['lastregen'])) {
-    if ($now-$sessiondata['lastregen']<$sessiondata['regendelay']) {
-      $sessiondata['regendelay'] = 5;
-      if (!isset($sessiondata['regenwarnings'])) {
-        $sessiondata['regenwarnings'] = 1;
+  if (isset($_SESSION['lastregen'])) {
+    if ($now-$_SESSION['lastregen']<$_SESSION['regendelay']) {
+      $_SESSION['regendelay'] = 5;
+      if (!isset($_SESSION['regenwarnings'])) {
+        $_SESSION['regenwarnings'] = 1;
       } else {
-        $sessiondata['regenwarnings']++;
+        $_SESSION['regenwarnings']++;
       }
-      if ($sessiondata['regenwarnings']>10) {
+      if ($_SESSION['regenwarnings']>10) {
         $stm = $DBH->prepare("INSERT INTO imas_log (time,log) VALUES (:time, :log)");
         $stm->execute(array(':time'=>$now, ':log'=>"Over 10 regen warnings triggered by $userid"));
       }
       echo '{"error": "fast_regen"}';
       exit;
     }
-    if ($now - $sessiondata['lastregen'] > 20) {
-      $sessiondata['regendelay'] = 2;
+    if ($now - $_SESSION['lastregen'] > 20) {
+      $_SESSION['regendelay'] = 2;
     }
   }
-  $sessiondata['lastregen'] = $now;
-  writesessiondata();
+  $_SESSION['lastregen'] = $now;
   if ($assess_record->canRegenQuestion($qn, $qid)) {
     $qid = $assess_record->buildNewQuestionVersion($qn, $qid);
     $assess_info->loadQuestionSettings(array($qid), true);
diff --git a/assess2/questions/QuestionHtmlGenerator.php b/assess2/questions/QuestionHtmlGenerator.php
index a50b14a0f4..691fddc207 100644
--- a/assess2/questions/QuestionHtmlGenerator.php
+++ b/assess2/questions/QuestionHtmlGenerator.php
@@ -888,8 +888,8 @@ private function getExternalReferences(): array
             if ($qdata['extref'] != '') {
                 $extref = explode('~~', $qdata['extref']);
 
-                if ($qid > 0 && (!isset($GLOBALS['sessiondata']['isteacher'])
-                        || $GLOBALS['sessiondata']['isteacher'] == false) && !isset($GLOBALS['sessiondata']['stuview'])) {
+                if ($qid > 0 && (!isset($_SESSION['isteacher'])
+                        || $_SESSION['isteacher'] == false) && !isset($_SESSION['stuview'])) {
                     $qref = $qid . '-' . ($qnidx + 1);
                 } else {
                     $qref = '';
@@ -922,7 +922,7 @@ private function getExternalReferences(): array
                 }
             }
             if (($qdata['solutionopts'] & 2) == 2 && $qdata['solution'] != '') {
-                $addr = $GLOBALS['basesiteurl'] . "/assessment/showsoln.php?id=" . $qidx . '&sig=' . md5($qidx . $GLOBALS['sessiondata']['secsalt']);
+                $addr = $GLOBALS['basesiteurl'] . "/assessment/showsoln.php?id=" . $qidx . '&sig=' . md5($qidx . $_SESSION['secsalt']);
                 $addr .= '&t=' . ($qdata['solutionopts'] & 1) . '&cid=' . $GLOBALS['cid'];
                 if ($GLOBALS['cid'] == 'embedq' && isset($GLOBALS['theme'])) {
                     $addr .= '&theme=' . Sanitize::encodeUrlParam($GLOBALS['theme']);
diff --git a/assess2/questions/answerboxes/CalculatedAnswerBox.php b/assess2/questions/answerboxes/CalculatedAnswerBox.php
index 768110358a..bf73b6f68f 100644
--- a/assess2/questions/answerboxes/CalculatedAnswerBox.php
+++ b/assess2/questions/answerboxes/CalculatedAnswerBox.php
@@ -141,7 +141,7 @@ public function generate(): void
     		if ($useeqnhelper) {
     			$params['helper'] = 1;
     		}
-    		if (!isset($hidepreview) && $GLOBALS['sessiondata']['userprefs']['livepreview']==1) {
+    		if (!isset($hidepreview) && $_SESSION['userprefs']['livepreview']==1) {
     			$params['preview'] = 1;
     		}
     		$params['calcformat'] = $answerformat;
diff --git a/assess2/questions/answerboxes/CalculatedComplexAnswerBox.php b/assess2/questions/answerboxes/CalculatedComplexAnswerBox.php
index c7acc2124e..551263d232 100644
--- a/assess2/questions/answerboxes/CalculatedComplexAnswerBox.php
+++ b/assess2/questions/answerboxes/CalculatedComplexAnswerBox.php
@@ -85,7 +85,7 @@ public function generate(): void
     		if ($useeqnhelper) {
     			$params['helper'] = 1;
     		}
-    		if (!isset($hidepreview) && $GLOBALS['sessiondata']['userprefs']['livepreview']==1) {
+    		if (!isset($hidepreview) && $_SESSION['userprefs']['livepreview']==1) {
     			$params['preview'] = 1;
     		}
     		$params['calcformat'] = $answerformat;
diff --git a/assess2/questions/answerboxes/CalculatedNTupleAnswerBox.php b/assess2/questions/answerboxes/CalculatedNTupleAnswerBox.php
index b34236d464..ee84acceb9 100644
--- a/assess2/questions/answerboxes/CalculatedNTupleAnswerBox.php
+++ b/assess2/questions/answerboxes/CalculatedNTupleAnswerBox.php
@@ -96,7 +96,7 @@ public function generate(): void
     		if ($useeqnhelper) {
     			$params['helper'] = 1;
     		}
-    		if (!isset($hidepreview) && $GLOBALS['sessiondata']['userprefs']['livepreview']==1) {
+    		if (!isset($hidepreview) && $_SESSION['userprefs']['livepreview']==1) {
     			$params['preview'] = 1;
     		}
 
diff --git a/assess2/questions/answerboxes/DrawingAnswerBox.php b/assess2/questions/answerboxes/DrawingAnswerBox.php
index d98d2c0a3a..5c4b08ba86 100644
--- a/assess2/questions/answerboxes/DrawingAnswerBox.php
+++ b/assess2/questions/answerboxes/DrawingAnswerBox.php
@@ -203,10 +203,10 @@ public function generate(): void
     				$settings[7] = $newheight;
     			}
     		}
-    		if ($GLOBALS['sessiondata']['userprefs']['drawentry']==1 && $GLOBALS['sessiondata']['graphdisp']==0) {
+    		if ($_SESSION['userprefs']['drawentry']==1 && $_SESSION['graphdisp']==0) {
     			//can't imagine why someone would pick this, but if they do, need to set graphdisp to 2 temporarily
     			$revertgraphdisp = true;
-    			$GLOBALS['sessiondata']['graphdisp']=2;
+    			$_SESSION['graphdisp']=2;
     		} else {
     			$revertgraphdisp = false;
     		}
@@ -240,7 +240,7 @@ public function generate(): void
     		if (isset($GLOBALS['hidedrawcontrols'])) {
     			$out .= $plot;
     		} else {
-    			if ($GLOBALS['sessiondata']['userprefs']['drawentry']==0) { //accessible entry
+    			if ($_SESSION['userprefs']['drawentry']==0) { //accessible entry
     				$bg = 'a11ydraw:'.implode(',', $answerformat);
     				$out .= '<p>'._('Graph to add drawings to:').'</p>';
     				$out .= '<p>'.$plot.'</p>';
@@ -490,7 +490,7 @@ public function generate(): void
         if ($colorbox!='') { $out .= '</div>';}
 
     		if ($revertgraphdisp) {
-    			$GLOBALS['sessiondata']['graphdisp']=0;
+    			$_SESSION['graphdisp']=0;
     		}
     		$tip = _('Enter your answer by drawing on the graph.');
     		if (isset($answers)) {
diff --git a/assess2/questions/answerboxes/FunctionExpressionAnswerBox.php b/assess2/questions/answerboxes/FunctionExpressionAnswerBox.php
index 658f363248..3ca29b2af3 100644
--- a/assess2/questions/answerboxes/FunctionExpressionAnswerBox.php
+++ b/assess2/questions/answerboxes/FunctionExpressionAnswerBox.php
@@ -136,7 +136,7 @@ public function generate(): void
     		if ($useeqnhelper) {
     			$params['helper'] = 1;
     		}
-    		if (!isset($hidepreview) && $GLOBALS['sessiondata']['userprefs']['livepreview']==1) {
+    		if (!isset($hidepreview) && $_SESSION['userprefs']['livepreview']==1) {
     			$params['preview'] = 1;
     		}
     		$params['calcformat'] = Sanitize::encodeStringForDisplay($answerformat);
diff --git a/assess2/questions/answerboxes/IntervalAnswerBox.php b/assess2/questions/answerboxes/IntervalAnswerBox.php
index ac4d77930d..827ee24346 100644
--- a/assess2/questions/answerboxes/IntervalAnswerBox.php
+++ b/assess2/questions/answerboxes/IntervalAnswerBox.php
@@ -55,7 +55,7 @@ public function generate(): void
 
         $ansformats = array_map('trim',explode(',',$answerformat));
 
-    		if (in_array('normalcurve',$ansformats) && $GLOBALS['sessiondata']['graphdisp']!=0) {
+    		if (in_array('normalcurve',$ansformats) && $_SESSION['graphdisp']!=0) {
     			$top = _('Enter your answer by selecting the shade type, and by clicking and dragging the sliders on the normal curve');
     			$shorttip = _('Adjust the sliders');
     		} else {
@@ -72,7 +72,7 @@ public function generate(): void
     			}
     			$shorttip = _('Enter an interval using interval notation');
     		}
-    		if (in_array('normalcurve',$ansformats) && $GLOBALS['sessiondata']['graphdisp']!=0) {
+    		if (in_array('normalcurve',$ansformats) && $_SESSION['graphdisp']!=0) {
           $out .= '<div id="qnwrap'.$qn.'" class="'.$colorbox.'">';
     			$out .=  '<div style="background:#fff;padding:10px;">';
     			$out .=  '<p style="margin:0px";>Shade: <select id="shaderegions'.$qn.'" onchange="imathasDraw.chgnormtype(this.id.substring(12));"><option value="1L">' . _('Left of a value') . '</option><option value="1R">' . _('Right of a value') . '</option>';
@@ -113,7 +113,7 @@ public function generate(): void
     		if ($useeqnhelper) {
     			$params['helper'] = 1;
     		}
-    		if (in_array('normalcurve',$ansformats) && $GLOBALS['sessiondata']['graphdisp']!=0) {
+    		if (in_array('normalcurve',$ansformats) && $_SESSION['graphdisp']!=0) {
     			$classes[] = 'hidden';
     			$params['format'] = 'normslider';
           $params['helper'] = 0;
@@ -131,7 +131,7 @@ public function generate(): void
     			$answer = str_replace('"','',$answer);
     		}
     		if (isset($answer)) {
-    			if (in_array('normalcurve',$ansformats) && $GLOBALS['sessiondata']['graphdisp']!=0) {
+    			if (in_array('normalcurve',$ansformats) && $_SESSION['graphdisp']!=0) {
     				$sa .=  '<div style="position: relative; width: 500px; height:200px;padding:0px;background:#fff;">';
     				$answer = preg_replace('/\s/','',$answer);
     				if (preg_match('/\(-oo,([\-\d\.]+)\)U\(([\-\d\.]+),oo\)/',$answer,$matches)) {
diff --git a/assess2/questions/answerboxes/StringAnswerBox.php b/assess2/questions/answerboxes/StringAnswerBox.php
index db7e7d2d6b..01ac429894 100644
--- a/assess2/questions/answerboxes/StringAnswerBox.php
+++ b/assess2/questions/answerboxes/StringAnswerBox.php
@@ -137,7 +137,7 @@ public function generate(): void
     				$params['helper'] = 1;
     			}
     			if (!isset($hidepreview) && $displayformat == 'usepreview' &&
-            $GLOBALS['sessiondata']['userprefs']['livepreview']==1
+            $_SESSION['userprefs']['livepreview']==1
           ) {
     				$params['preview'] = 1;
     			}
diff --git a/assess2/startassess.php b/assess2/startassess.php
index 8802e0e8f5..ea5f5781b8 100644
--- a/assess2/startassess.php
+++ b/assess2/startassess.php
@@ -62,8 +62,8 @@
 
 // reject if no lti_sourcedid and we expect it
 if (!$in_practice && !empty($_POST['has_ltisourcedid']) &&
-  (empty($sessiondata['lti_lis_result_sourcedid'.$aid]) ||
-   empty($sessiondata['lti_outcomeurl'])
+  (empty($_SESSION['lti_lis_result_sourcedid'.$aid]) ||
+   empty($_SESSION['lti_outcomeurl'])
   )
 ) {
   echo '{"error": "need_relaunch"}';
@@ -76,7 +76,7 @@
 
 // check password, if needed
 if (!$in_practice && !$canViewAll &&
-  (!isset($sessiondata['assess2-'.$aid]) || $sessiondata['assess2-'.$aid] != $in_practice) &&
+  (!isset($_SESSION['assess2-'.$aid]) || $_SESSION['assess2-'.$aid] != $in_practice) &&
   !$assess_info->checkPassword($_POST['password'])
 ) {
   echo '{"error": "invalid_password"}';
@@ -218,15 +218,15 @@
 }
 
 // update lti_sourcedid if needed
-if (!empty($sessiondata['lti_lis_result_sourcedid'.$aid]) &&
-  !empty($sessiondata['lti_outcomeurl'])
+if (!empty($_SESSION['lti_lis_result_sourcedid'.$aid]) &&
+  !empty($_SESSION['lti_outcomeurl'])
 ) {
-  $altltisourcedid = $sessiondata['lti_lis_result_sourcedid'.$aid].':|:'.$sessiondata['lti_outcomeurl'].':|:'.$sessiondata['lti_origkey'].':|:'.$sessiondata['lti_keylookup'];
+  $altltisourcedid = $_SESSION['lti_lis_result_sourcedid'.$aid].':|:'.$_SESSION['lti_outcomeurl'].':|:'.$_SESSION['lti_origkey'].':|:'.$_SESSION['lti_keylookup'];
   $assess_record->updateLTIsourcedId($altltisourcedid);
 }
 /*
-else if (isset($sessiondata['lti_lis_result_sourcedid'])) {
-  $altltisourcedid = $sessiondata['lti_lis_result_sourcedid'].':|:'.$sessiondata['lti_outcomeurl'].':|:'.$sessiondata['lti_origkey'].':|:'.$sessiondata['lti_keylookup'];
+else if (isset($_SESSION['lti_lis_result_sourcedid'])) {
+  $altltisourcedid = $_SESSION['lti_lis_result_sourcedid'].':|:'.$_SESSION['lti_outcomeurl'].':|:'.$_SESSION['lti_origkey'].':|:'.$_SESSION['lti_keylookup'];
   $assess_record->updateLTIsourcedId($altltisourcedid);
 }
 */
@@ -314,7 +314,7 @@
 }
 
 // get settings for LTI if needed
-if (isset($sessiondata['ltiitemtype']) && $sessiondata['ltiitemtype']==0) {
+if (isset($_SESSION['ltiitemtype']) && $_SESSION['ltiitemtype']==0) {
   if ($coursemsgset < 4 && $assessInfoOut['help_features']['message']==true) {
     $assessInfoOut['lti_showmsg'] = 1;
     // get msg count
@@ -337,8 +337,7 @@
 
 // store assessment start in session data, so we know if they've gotten past
 // password at some point
-$sessiondata['assess2-'.$aid] = $in_practice;
-writesessiondata();
+$_SESSION['assess2-'.$aid] = $in_practice;
 
 //prep date display
 prepDateDisp($assessInfoOut);
diff --git a/assessment/displayq2.php b/assessment/displayq2.php
index 12e3d90796..646a300272 100644
--- a/assessment/displayq2.php
+++ b/assessment/displayq2.php
@@ -148,9 +148,9 @@ function displayq($qnidx,$qidx,$seed,$doshowans,$showhints,$attemptn,$returnqtxt
 	if (isset($GLOBALS['rawscores'])) {
 		$scoreiscorrect = getiscorrect();
 	}
-	$a11yqs = 'a11y_graph='.Sanitize::onlyInt($GLOBALS['sessiondata']['userprefs']['graphdisp']);
-	$a11yqs .= '&amp;a11y_mouse='.Sanitize::onlyInt($GLOBALS['sessiondata']['userprefs']['drawentry']);
-	$a11yqs .= '&amp;a11y_math='.Sanitize::onlyInt($GLOBALS['sessiondata']['userprefs']['mathdisp']);
+	$a11yqs = 'a11y_graph='.Sanitize::onlyInt($_SESSION['userprefs']['graphdisp']);
+	$a11yqs .= '&amp;a11y_mouse='.Sanitize::onlyInt($_SESSION['userprefs']['drawentry']);
+	$a11yqs .= '&amp;a11y_math='.Sanitize::onlyInt($_SESSION['userprefs']['mathdisp']);
 
 
 	$preevalerror = error_get_last();
@@ -577,7 +577,7 @@ function displayq($qnidx,$qidx,$seed,$doshowans,$showhints,$attemptn,$returnqtxt
 		if ($qdata['extref']!= '') {
 			$extref = explode('~~',$qdata['extref']);
 
-			if (isset($GLOBALS['questions']) && (!isset($GLOBALS['sessiondata']['isteacher']) || $GLOBALS['sessiondata']['isteacher']==false) && !isset($GLOBALS['sessiondata']['stuview'])) {
+			if (isset($GLOBALS['questions']) && (!isset($_SESSION['isteacher']) || $_SESSION['isteacher']==false) && !isset($_SESSION['stuview'])) {
 				$qref = $GLOBALS['questions'][$qnidx].'-'.($qnidx+1);
 			} else {
 				$qref = '';
@@ -599,7 +599,7 @@ function displayq($qnidx,$qidx,$seed,$doshowans,$showhints,$attemptn,$returnqtxt
 			}
 		}
 		if (($qdata['solutionopts']&2)==2 && $qdata['solution']!='') {
-			$addr = $GLOBALS['basesiteurl'] . "/assessment/showsoln.php?id=".$qidx.'&sig='.md5($qidx.$GLOBALS['sessiondata']['secsalt']);
+			$addr = $GLOBALS['basesiteurl'] . "/assessment/showsoln.php?id=".$qidx.'&sig='.md5($qidx.$_SESSION['secsalt']);
 			$addr .= '&t='.($qdata['solutionopts']&1).'&cid='.$GLOBALS['cid'];
 			if ($GLOBALS['cid']=='embedq' && isset($GLOBALS['theme'])) {
 				$addr .= '&theme='.Sanitize::encodeUrlParam($GLOBALS['theme']);
@@ -1746,7 +1746,7 @@ function makeanswerbox($anstype, $qn, $la, $options,$multi,$colorbox='') {
 		}
 		$out .= 'aria-describedby="tips'.$qnref.'" ';
 		$out .= 'aria-label="'.Sanitize::encodeStringForDisplay($shorttip).'" ';
-		if (!isset($hidepreview) && $GLOBALS['sessiondata']['userprefs']['livepreview']==1) {
+		if (!isset($hidepreview) && $_SESSION['userprefs']['livepreview']==1) {
 			$out .= 'onKeyUp="updateLivePreview(this)" ';
 		}
 		$out .= "/>$rightb";
@@ -2014,7 +2014,7 @@ function makeanswerbox($anstype, $qn, $la, $options,$multi,$colorbox='') {
 		}
 		$out .= 'aria-describedby="tips'.$qnref.'" ';
 		$out .= 'aria-label="'.Sanitize::encodeStringForDisplay($shorttip).'" ';
-		if (!isset($hidepreview) && $GLOBALS['sessiondata']['userprefs']['livepreview']==1) {
+		if (!isset($hidepreview) && $_SESSION['userprefs']['livepreview']==1) {
 			$out .= 'onKeyUp="updateLivePreview(this)" ';
 		}
 		$out .= "/>\n";
@@ -2267,7 +2267,7 @@ function makeanswerbox($anstype, $qn, $la, $options,$multi,$colorbox='') {
 		}
 		$out .= 'aria-describedby="tips'.$qnref.'" ';
 		$out .= 'aria-label="'.Sanitize::encodeStringForDisplay($shorttip).'" ';
-		if (!isset($hidepreview) && $GLOBALS['sessiondata']['userprefs']['livepreview']==1) {
+		if (!isset($hidepreview) && $_SESSION['userprefs']['livepreview']==1) {
 			$out .= 'onKeyUp="updateLivePreview(this)" ';
 		}
 		$out .= "/>";
@@ -2375,7 +2375,7 @@ function makeanswerbox($anstype, $qn, $la, $options,$multi,$colorbox='') {
 		}
 		$out .= 'aria-describedby="tips'.$qnref.'" ';
 		$out .= 'aria-label="'.Sanitize::encodeStringForDisplay($shorttip).'" ';
-		if (!isset($hidepreview) && $GLOBALS['sessiondata']['userprefs']['livepreview']==1) {
+		if (!isset($hidepreview) && $_SESSION['userprefs']['livepreview']==1) {
 			$out .= 'onKeyUp="updateLivePreview(this)" ';
 		}
 		$out .= "/>";
@@ -2482,7 +2482,7 @@ function makeanswerbox($anstype, $qn, $la, $options,$multi,$colorbox='') {
 			}
 			$out .= 'aria-describedby="tips'.$qnref.'" ';
 			$out .= 'aria-label="'.Sanitize::encodeStringForDisplay($shorttip).'" ';
-			if ($displayformat == 'usepreview' && $GLOBALS['sessiondata']['userprefs']['livepreview']==1) {
+			if ($displayformat == 'usepreview' && $_SESSION['userprefs']['livepreview']==1) {
 				$out .= 'onKeyUp="updateLivePreview(this)" ';
 			}
 			$addlclass = '';
@@ -2640,7 +2640,7 @@ function makeanswerbox($anstype, $qn, $la, $options,$multi,$colorbox='') {
 
 		$ansformats = array_map('trim',explode(',',$answerformat));
 
-		if (in_array('normalcurve',$ansformats) && $GLOBALS['sessiondata']['graphdisp']!=0) {
+		if (in_array('normalcurve',$ansformats) && $_SESSION['graphdisp']!=0) {
 			$top = _('Enter your answer by selecting the shade type, and by clicking and dragging the sliders on the normal curve');
 			$shorttip = _('Adjust the sliders');
 		} else {
@@ -2657,7 +2657,7 @@ function makeanswerbox($anstype, $qn, $la, $options,$multi,$colorbox='') {
 			}
 			$shorttip = _('Enter an interval using interval notation');
 		}
-		if (in_array('normalcurve',$ansformats) && $GLOBALS['sessiondata']['graphdisp']!=0) {
+		if (in_array('normalcurve',$ansformats) && $_SESSION['graphdisp']!=0) {
 			$out .=  '<div style="background:#fff;padding:10px;">';
 			$out .=  '<p style="margin:0px";>Shade: <select id="shaderegions'.$qn.'" onchange="imathasDraw.chgnormtype(this.id.substring(12));"><option value="1L">' . _('Left of a value') . '</option><option value="1R">' . _('Right of a value') . '</option>';
 			$out .=  '<option value="2B">' . _('Between two values') . '</option><option value="2O">' . _('2 regions') . '</option></select>. ' . _('Click and drag the arrows to adjust the values.');
@@ -2680,7 +2680,7 @@ function makeanswerbox($anstype, $qn, $la, $options,$multi,$colorbox='') {
 			$out .= _('Enter an interval corresponding to the region to be shaded');
 		}
 		$out .= "<input class=\"text $colorbox\" type=\"text\"  size=\"$sz\" name=qn$qn id=qn$qn value=\"".Sanitize::encodeStringForDisplay($la)."\" autocomplete=\"off\"  ";
-		if (in_array('normalcurve',$ansformats) && $GLOBALS['sessiondata']['graphdisp']!=0) {
+		if (in_array('normalcurve',$ansformats) && $_SESSION['graphdisp']!=0) {
 			$out .= 'style="position:absolute;visibility:hidden;" ';
 		}
 		/*if ($showtips==2) { //eqntips: work in progress
@@ -2714,7 +2714,7 @@ function makeanswerbox($anstype, $qn, $la, $options,$multi,$colorbox='') {
 			$answer = str_replace('"','',$answer);
 		}
 		if (isset($answer)) {
-			if (in_array('normalcurve',$ansformats) && $GLOBALS['sessiondata']['graphdisp']!=0) {
+			if (in_array('normalcurve',$ansformats) && $_SESSION['graphdisp']!=0) {
 				$sa .=  '<div style="position: relative; width: 500px; height:200px;padding:0px;background:#fff;">';
 				$answer = preg_replace('/\s/','',$answer);
 				if (preg_match('/\(-oo,([\-\d\.]+)\)U\(([\-\d\.]+),oo\)/',$answer,$matches)) {
@@ -2786,7 +2786,7 @@ function makeanswerbox($anstype, $qn, $la, $options,$multi,$colorbox='') {
 		}
 		$out .= 'aria-describedby="tips'.$qnref.'" ';
 		$out .= 'aria-label="'.Sanitize::encodeStringForDisplay($shorttip).'" ';
-		if (!isset($hidepreview) && $GLOBALS['sessiondata']['userprefs']['livepreview']==1) {
+		if (!isset($hidepreview) && $_SESSION['userprefs']['livepreview']==1) {
 			$out .= 'onKeyUp="updateLivePreview(this)" ';
 		}
 		$out .= '/>';
@@ -2973,10 +2973,10 @@ function makeanswerbox($anstype, $qn, $la, $options,$multi,$colorbox='') {
 				$settings[7] = $newheight;
 			}
 		}
-		if ($GLOBALS['sessiondata']['userprefs']['drawentry']==1 && $GLOBALS['sessiondata']['graphdisp']==0) {
+		if ($_SESSION['userprefs']['drawentry']==1 && $_SESSION['graphdisp']==0) {
 			//can't imagine why someone would pick this, but if they do, need to set graphdisp to 2 temporarily
 			$revertgraphdisp = true;
-			$GLOBALS['sessiondata']['graphdisp']=2;
+			$_SESSION['graphdisp']=2;
 		} else {
 			$revertgraphdisp = false;
 		}
@@ -3010,7 +3010,7 @@ function makeanswerbox($anstype, $qn, $la, $options,$multi,$colorbox='') {
 		if (isset($GLOBALS['hidedrawcontrols'])) {
 			$out .= $plot;
 		} else {
-			if ($GLOBALS['sessiondata']['userprefs']['drawentry']==0) { //accessible entry
+			if ($_SESSION['userprefs']['drawentry']==0) { //accessible entry
 				$bg = 'a11ydraw:'.implode(',', $answerformat);
 				$out .= '<p>'._('Graph to add drawings to:').'</p>';
 				$out .= '<p>'.$plot.'</p>';
@@ -3263,7 +3263,7 @@ function makeanswerbox($anstype, $qn, $la, $options,$multi,$colorbox='') {
 			$out .= "drawla[$qn] = $la;</script>";
 		}
 		if ($revertgraphdisp) {
-			$GLOBALS['sessiondata']['graphdisp']=0;
+			$_SESSION['graphdisp']=0;
 		}
 		$tip = _('Enter your answer by drawing on the graph.');
 		if (isset($answers)) {
@@ -3440,8 +3440,8 @@ function makeanswerbox($anstype, $qn, $la, $options,$multi,$colorbox='') {
 		$out .= getcolormark($colorbox);
 		if ($colorbox!='') { $out .= '</span>';}
 		if ($la!='') {
-			if (isset($GLOBALS['testsettings']) && isset($GLOBALS['sessiondata']['groupid']) && $GLOBALS['testsettings']>0 && $GLOBALS['sessiondata']['groupid']>0) {
-				$s3asid = 'grp'.$GLOBALS['sessiondata']['groupid'].'/'.$GLOBALS['testsettings']['id'];
+			if (isset($GLOBALS['testsettings']) && isset($_SESSION['groupid']) && $GLOBALS['testsettings']>0 && $_SESSION['groupid']>0) {
+				$s3asid = 'grp'.$_SESSION['groupid'].'/'.$GLOBALS['testsettings']['id'];
 			} else if (isset($GLOBALS['asid'])) {
 				$s3asid = $GLOBALS['asid'];
 			}
diff --git a/assessment/header.php b/assessment/header.php
index 2b3eeec9be..6f2a4fd98b 100644
--- a/assessment/header.php
+++ b/assessment/header.php
@@ -62,13 +62,13 @@ function getlastanswer(qn, part) {
 }
 
 if (isset($coursetheme)) {
-	$sessiondata['coursetheme'] = $coursetheme;
+	$_SESSION['coursetheme'] = $coursetheme;
 }
-if (isset($sessiondata['coursetheme'])) {
+if (isset($_SESSION['coursetheme'])) {
 	if (isset($flexwidth) || isset($usefullwidth)) {
-		$coursetheme = str_replace(array('_fw1920','_fw1000','_fw'),'',$sessiondata['coursetheme']);
+		$coursetheme = str_replace(array('_fw1920','_fw1000','_fw'),'',$_SESSION['coursetheme']);
 	} else {
-		$coursetheme = $sessiondata['coursetheme'];
+		$coursetheme = $_SESSION['coursetheme'];
 		$isfw = false;
 		if (strpos($coursetheme,'_fw1920')!==false) {
 			$isfw = 1920;
@@ -109,7 +109,7 @@ function getlastanswer(qn, part) {
 
 */
 
-if (isset($sessiondata['ltiitemtype']) && ($sessiondata['mathdisp']==1 || $sessiondata['mathdisp']==3)) {
+if (isset($_SESSION['ltiitemtype']) && ($_SESSION['mathdisp']==1 || $_SESSION['mathdisp']==3)) {
 	echo '<script type="text/x-mathjax-config">
 		MathJax.Hub.Queue(function () {
 			sendLTIresizemsg();
@@ -117,8 +117,8 @@ function getlastanswer(qn, part) {
 		MathJax.Hub.Register.MessageHook("End Process", sendLTIresizemsg);
 	     </script>';
 }
-//$sessiondata['mathdisp'] = 3;
-if (!isset($sessiondata['mathdisp'])) {
+//$_SESSION['mathdisp'] = 3;
+if (!isset($_SESSION['mathdisp'])) {
 	echo '<script type="text/javascript">var AMnoMathML = true;var ASnoSVG = true;var AMisGecko = 0;var AMnoTeX = false; var mathRenderer = "none"; function rendermathnode(el) {AMprocessNode(el);};</script>';
 	//echo '<script type="text/javascript" src="'.$imasroot.'/mathjax/MathJax.js?config=AM_CHTML&rev=2.6.1"></script>';
 	if (!empty($CFG['GEN']['uselocaljs'])) {
@@ -127,7 +127,7 @@ function getlastanswer(qn, part) {
 		echo '<script type="text/javascript" async src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.5/MathJax.js?config=AM_CHTML-full"></script>';
 	}
 	echo "<script src=\"$imasroot/javascript/mathgraphcheck.js?v=021215\" type=\"text/javascript\"></script>\n";
-} else if ($sessiondata['mathdisp']==1 || $sessiondata['mathdisp']==3) {
+} else if ($_SESSION['mathdisp']==1 || $_SESSION['mathdisp']==3) {
 	echo '<script type="text/javascript">var AMTcgiloc = "'.$mathimgurl.'";</script>';
 	echo "<script src=\"$imasroot/javascript/ASCIIMathTeXImg_min.js?ver=100418\" type=\"text/javascript\"></script>\n";
 	echo '<script type="text/x-mathjax-config">
@@ -142,7 +142,7 @@ function getlastanswer(qn, part) {
 	}
 	echo '<script type="text/javascript">noMathRender = false; var usingASCIIMath = true; var AMnoMathML = false; var MathJaxCompatible = true; var mathRenderer = "MathJax"; function rendermathnode(node) { MathJax.Hub.Queue(["Typeset", MathJax.Hub, node]); } </script>';
 	echo '<style type="text/css">span.MathJax { font-size: 105%;}</style>';
-} else if ($sessiondata['mathdisp']==6) {
+} else if ($_SESSION['mathdisp']==6) {
 	//Katex experimental
 	echo '<script type="text/javascript">var AMTcgiloc = "'.$mathimgurl.'";</script>';
 	echo "<script src=\"$imasroot/javascript/ASCIIMathTeXImg_min.js?ver=100418\" type=\"text/javascript\"></script>\n";
@@ -175,14 +175,14 @@ function setupKatexAutoRenderWhenReady() {
 		</script>';
 	echo '<script type="text/javascript">noMathRender = false; var usingASCIIMath = true; var AMnoMathML = true; var MathJaxCompatible = true; var mathRenderer = "Katex";</script>';
 	//echo '<style type="text/css">span.AM { font-size: 105%;}</style>';
-} else if ($sessiondata['mathdisp']==2) {
+} else if ($_SESSION['mathdisp']==2) {
 	echo '<script type="text/javascript">var AMTcgiloc = "'.$mathimgurl.'";</script>';
 	echo "<script src=\"$imasroot/javascript/ASCIIMathTeXImg_min.js?v=042318\" type=\"text/javascript\"></script>\n";
 	echo "<script type=\"text/javascript\">var usingASCIIMath = false;var MathJaxCompatible = false;var mathRenderer = \"img\";function rendermathnode(el) {AMprocessNode(el);}</script>";
-} else if ($sessiondata['mathdisp']==0) {
+} else if ($_SESSION['mathdisp']==0) {
 	echo '<script type="text/javascript">var noMathRender = true; var usingASCIIMath = false; var MathJaxCompatible = false; var mathRenderer = "none";function rendermathnode(el) {}</script>';
 }
-if ($sessiondata['graphdisp']==1) {
+if ($_SESSION['graphdisp']==1) {
 	echo "<script src=\"$imasroot/javascript/ASCIIsvg_min.js?v=110119\" type=\"text/javascript\"></script>\n";
 	echo "<script type=\"text/javascript\">var usingASCIISvg = true;</script>";
 } else {
@@ -211,7 +211,7 @@ function setupKatexAutoRenderWhenReady() {
 <?php
 
 echo "<script type=\"text/javascript\">imasroot = '$imasroot';</script>";
-if (isset($useeditor) && $sessiondata['useed']==1) {
+if (isset($useeditor) && $_SESSION['useed']==1) {
 	echo '<script type="text/javascript" src="'.$imasroot.'/tinymce4/tinymce_bundled.min.js?v=051919"></script>';
 	//echo '<script type="text/javascript" src="'.$imasroot.'/tinymce4/tinymce.min.js?v=082716"></script>';
 	echo "\n";
@@ -229,7 +229,7 @@ function setupKatexAutoRenderWhenReady() {
 } else {
 	echo '<script type="text/javascript">var usingTinymceEditor = false;</script>';
 }
-if ((isset($useeditor) && $sessiondata['useed']==1) || isset($loadiconfont)) {
+if ((isset($useeditor) && $_SESSION['useed']==1) || isset($loadiconfont)) {
 	echo '<link rel="stylesheet" href="'.$imasroot . '/iconfonts/imathasfont.css?v=013118" type="text/css" />';
 	echo '<!--[if lte IE 7]><link rel="stylesheet" href="'.$imasroot . '/iconfonts/imathasfontie7.css?v=013118" type="text/css" /><![endif]-->';
 }
@@ -264,7 +264,7 @@ function setupKatexAutoRenderWhenReady() {
 if (isset($CFG['GEN']['translatewidgetID'])) {
 	echo '<meta name="google-translate-customization" content="'.$CFG['GEN']['translatewidgetID'].'"></meta>';
 }
-if (isset($sessiondata['ltiitemtype'])) {
+if (isset($_SESSION['ltiitemtype'])) {
 	echo '<script type="text/javascript">
 	if (mathRenderer == "Katex") {
 		window.katexDoneCallback = sendLTIresizemsg;
@@ -293,7 +293,7 @@ function setupKatexAutoRenderWhenReady() {
 	require("$curdir/../{$CFG['GEN']['headerinclude']}");
 }
 
-if (isset($cid) && !isset($flexwidth) && !isset($hideAllHeaderNav) && !$isdiag && (!isset($sessiondata['intreereader']) || $sessiondata['intreereader']==false)) {
+if (isset($cid) && !isset($flexwidth) && !isset($hideAllHeaderNav) && !$isdiag && (!isset($_SESSION['intreereader']) || $_SESSION['intreereader']==false)) {
 	echo '<div id="navlistcont" role="navigation" aria-label="'._('Course Navigation').'">';
 	echo '<ul id="navlist">';
 
diff --git a/assessment/libs/ineq.php b/assessment/libs/ineq.php
index 76ee378d0d..64fdbe4327 100644
--- a/assessment/libs/ineq.php
+++ b/assessment/libs/ineq.php
@@ -206,7 +206,7 @@ function ineqbetweenplot($funcs) {
 	}
 
 	$p = showplot($newfuncstr,$settings[0],$settings[1],$settings[2],$settings[3],$settings[4],$settings[5],$settings[6],$settings[7]);
-	if ($GLOBALS['sessiondata']['graphdisp']==0) {
+	if ($_SESSION['graphdisp']==0) {
 		$parts = explode('<table', $p);
 		for ($i=0;$i<count($parts)-1;$i++) {
 			$parts[$i] .= ', Shaded '.$shadedir[$i];
@@ -316,7 +316,7 @@ function ineqplot($funcs) {
 		$xmin = $settings[0];
 		$xmax = $settings[1];
 
-		if ($GLOBALS['sessiondata']['graphdisp']==0) {
+		if ($_SESSION['graphdisp']==0) {
 			$dx = 1;
 			$alt .= "<table class=stats><thead><tr><th>x</th><th>y</th></thead></tr><tbody>";
 			$stopat = ($xmax-$xmin)+1;
@@ -368,7 +368,7 @@ function ineqplot($funcs) {
 		}
 		$commands .= $shades;
 	}
-	if ($GLOBALS['sessiondata']['graphdisp']==0) {
+	if ($_SESSION['graphdisp']==0) {
 		return $alt;
 	} else {
 		return "<embed type='image/svg+xml' align='middle' width='$settings[6]' height='$settings[7]' src='{$GLOBALS['imasroot']}/javascript/d.svg' script='$commands' />\n";
@@ -458,7 +458,7 @@ function ineqbetweenplot($funcs) {
 		$xmin = $settings[0];
 		$xmax = $settings[1];
 
-		if ($GLOBALS['sessiondata']['graphdisp']==0) {
+		if ($_SESSION['graphdisp']==0) {
 			$dx = 1;
 			$alt .= "<table class=stats><thead><tr><th>x</th><th>y</th></thead></tr><tbody>";
 			$stopat = ($xmax-$xmin)+1;
@@ -517,7 +517,7 @@ function ineqbetweenplot($funcs) {
 		}
 	}
 	$commands .= $shades;
-	if ($GLOBALS['sessiondata']['graphdisp']==0) {
+	if ($_SESSION['graphdisp']==0) {
 		return $alt;
 	} else {
 		return "<embed type='image/svg+xml' align='middle' width='$settings[6]' height='$settings[7]' src='{$GLOBALS['imasroot']}/javascript/d.svg' script='$commands' />\n";
diff --git a/assessment/libs/interval.php b/assessment/libs/interval.php
index 3bd63fc033..9294639a2f 100644
--- a/assessment/libs/interval.php
+++ b/assessment/libs/interval.php
@@ -94,7 +94,7 @@ function linegraph($intvs) {
 			$commands .= ');';
 		}
 	}
-	if ($GLOBALS['sessiondata']['graphdisp']==0) {
+	if ($_SESSION['graphdisp']==0) {
 		return $alt;
 	} else {
 		return "<embed type='image/svg+xml' align='middle' width='$settings[3]' height='$settings[4]' src='{$GLOBALS['imasroot']}/javascript/d.svg' script='$commands' />\n";
@@ -169,7 +169,7 @@ function linegraphbrackets($intvs) {
 			}
 		}
 	}
-	if ($GLOBALS['sessiondata']['graphdisp']==0) {
+	if ($_SESSION['graphdisp']==0) {
 		return $alt;
 	} else {
 		return "<embed type='image/svg+xml' align='middle' width='$settings[3]' height='$settings[4]' src='{$GLOBALS['imasroot']}/javascript/d.svg' script='$commands' />\n";
diff --git a/assessment/libs/plot3d.php b/assessment/libs/plot3d.php
index 1946a2c4fd..e5679ad3c4 100644
--- a/assessment/libs/plot3d.php
+++ b/assessment/libs/plot3d.php
@@ -79,7 +79,7 @@ function plot3d($func,$umin=-2,$umax=2,$vmin=-2,$vmax=2,$disc=20,$width=300,$hei
 
 	  $useragent = $_SERVER['HTTP_USER_AGENT'];
 	  $oldschool = false;
-	  if (isset($GLOBALS['sessiondata']['useflash'])) {
+	  if (isset($_SESSION['useflash'])) {
 		$oldschool = true;
 	  } else if (preg_match('/MSIE\s*(\d+)/i',$useragent,$matches)) {
 		if ($matches[1]<9) {
@@ -87,7 +87,7 @@ function plot3d($func,$umin=-2,$umax=2,$vmin=-2,$vmax=2,$disc=20,$width=300,$hei
 		}
 	  }
 
-	  if ($oldschool || isset($GLOBALS['sessiondata']['useflash'])) {
+	  if ($oldschool || isset($_SESSION['useflash'])) {
 	  	$r = uniqid();
 		  $GLOBALS['3dplotcnt'] = $r;
 		  $html .= "<div id=\"plot3d$r\">";
@@ -168,7 +168,7 @@ function spacecurve($func,$tmin,$tmax) {
 
 	$useragent = $_SERVER['HTTP_USER_AGENT'];
 	$oldschool = false;
-	if (isset($GLOBALS['sessiondata']['useflash'])) {
+	if (isset($_SESSION['useflash'])) {
 		$oldschool = true;
 	} else if (preg_match('/MSIE\s*(\d+)/i',$useragent,$matches)) {
 		if ($matches[1]<9) {
diff --git a/assessment/libs/stats.php b/assessment/libs/stats.php
index 8048dfc615..42e5324b09 100644
--- a/assessment/libs/stats.php
+++ b/assessment/libs/stats.php
@@ -506,7 +506,7 @@ function histogram($a,$label,$start,$cw,$startlabel=false,$upper=false,$width=30
 		$x += $dxdiff;
 	}
 	$alt .= "</tbody></table>\n";
-	if ($GLOBALS['sessiondata']['graphdisp']==0) {
+	if ($_SESSION['graphdisp']==0) {
 		return $alt;
 	}
 
@@ -567,7 +567,7 @@ function fdhistogram($freq,$label,$start,$cw,$startlabel=false,$upper=false,$wid
 		$x += $dxdiff;
 	}
 	$alt .= "</tbody></table>\n";
-	if ($GLOBALS['sessiondata']['graphdisp']==0) {
+	if ($_SESSION['graphdisp']==0) {
 		return $alt;
 	}
 	$outst = "setBorder(".(40+7*strlen($maxfreq)).",40,20,5);  initPicture(".($start>0?(max($start-.9*$cw,0)):$start).",$x,0,$maxfreq);";
@@ -652,7 +652,7 @@ function fdbargraph($bl,$freq,$label,$width=300,$height=200,$options=array()) {
 	}
 	$x -= 2*$gap;
 	$alt .= "</tbody></table>\n";
-	if ($GLOBALS['sessiondata']['graphdisp']==0) {
+	if ($_SESSION['graphdisp']==0) {
 		return $alt;
 	}
 	$x++;
@@ -696,7 +696,7 @@ function fdbargraph($bl,$freq,$label,$width=300,$height=200,$options=array()) {
 //labels: array of labels for each pie piece
 //uses Google Charts API
 function piechart($pcts,$labels,$w=250,$h=130) {
-	if ($GLOBALS['sessiondata']['graphdisp']==0) {
+	if ($_SESSION['graphdisp']==0) {
 		$out .= '<table><caption>'._('Pie Chart').'</caption>';
 		$out .= '<tr><th>'.Sanitize::encodeStringForDisplay($datalabel).'</th>';
 		$out .= '<th>'._('Percent').'</th></tr>';
@@ -911,7 +911,7 @@ function boxplot($arr,$label="",$options = array()) {
 		}
 	}
 	$ycnt = $ybase-1;
-	if ($GLOBALS['sessiondata']['graphdisp']==0) {
+	if ($_SESSION['graphdisp']==0) {
 		return $alt;
 	}
 	$dw = $bigmax-$bigmin;
diff --git a/assessment/libs/virtmanip.php b/assessment/libs/virtmanip.php
index ffe7219464..05b1a609d9 100644
--- a/assessment/libs/virtmanip.php
+++ b/assessment/libs/virtmanip.php
@@ -32,9 +32,9 @@
 
 function vmsetup($vmname, $vmparams, $width, $height, $qn, $part=null) {
 	if ($part !== null) {$qn = 1000*($qn)+$part;} else {$qn--;}
-	$vmparams['a11y_graph'] = Sanitize::onlyInt($GLOBALS['sessiondata']['userprefs']['graphdisp']);
-	$vmparams['a11y_mouse'] = Sanitize::onlyInt($GLOBALS['sessiondata']['userprefs']['drawentry']);
-	$vmparams['a11y_math'] = Sanitize::onlyInt($GLOBALS['sessiondata']['userprefs']['mathdisp']);
+	$vmparams['a11y_graph'] = Sanitize::onlyInt($_SESSION['userprefs']['graphdisp']);
+	$vmparams['a11y_mouse'] = Sanitize::onlyInt($_SESSION['userprefs']['drawentry']);
+	$vmparams['a11y_math'] = Sanitize::onlyInt($_SESSION['userprefs']['mathdisp']);
 	$vmparams['qn'] = $qn;
 
 	if (substr($vmname,0,4)!='http') {
diff --git a/assessment/macros.php b/assessment/macros.php
index 882203f0ed..6bf0097527 100644
--- a/assessment/macros.php
+++ b/assessment/macros.php
@@ -353,7 +353,7 @@ function showplot($funcs) { //optional arguments:  $xmin,$xmax,$ymin,$ymax,label
 			$domainlimited = true;
 		} else {$xmax = $winxmax;}
 
-		if ($GLOBALS['sessiondata']['graphdisp']==0) {
+		if ($_SESSION['graphdisp']==0) {
 			if ($xmax-$xmin>2 || $xmax==$xmin) {
 				$dx = 1;
 				$stopat = ($xmax-$xmin)+1;
@@ -409,7 +409,7 @@ function showplot($funcs) { //optional arguments:  $xmin,$xmax,$ymin,$ymax,label
 					$alt .= "<tr><td>$x</td><td>$y</td></tr>";
 				}
 			} else {
-				$x = $xmin + $dx*$i + (($i<$stopat/2)?1E-10:-1E-10) - (($domainlimited || $GLOBALS['sessiondata']['graphdisp']==0)?0:5*abs($xmax-$xmin)/$plotwidth);
+				$x = $xmin + $dx*$i + (($i<$stopat/2)?1E-10:-1E-10) - (($domainlimited || $_SESSION['graphdisp']==0)?0:5*abs($xmax-$xmin)/$plotwidth);
 				if (in_array($x,$avoid)) { continue;}
 				//echo $func.'<br/>';
 				$y = $evalfunc(['x'=>$x]);
@@ -602,7 +602,7 @@ function showplot($funcs) { //optional arguments:  $xmin,$xmax,$ymin,$ymax,label
 	$commands = "setBorder(5); initPicture({$winxmin},{$winxmax},{$ymin},{$ymax});".$commands;
 	$alt = "Graphs with window x: {$winxmin} to {$winxmax}, y: {$ymin} to {$ymax}. ".$alt;
 
-	if ($GLOBALS['sessiondata']['graphdisp']==0) {
+	if ($_SESSION['graphdisp']==0) {
 		return $alt;
 	} else {
 		return "<embed type='image/svg+xml' align='middle' width='$plotwidth' height='$plotheight' script='$commands' />\n";
@@ -616,7 +616,7 @@ function addplotborder($plot,$left,$bottom=5,$right=5,$top=5) {
 }
 
 function replacealttext($plot, $alttext) {
-	if ($GLOBALS['sessiondata']['graphdisp']==0) {
+	if ($_SESSION['graphdisp']==0) {
 		return $alttext;
 	} else {
 		if (strpos($plot, 'alt="')!==false) { //replace
@@ -634,7 +634,7 @@ function addlabel($plot,$x,$y,$lbl) {
 	} else {
 		$color = "black";
 	}
-	if ($GLOBALS['sessiondata']['graphdisp']==0) {
+	if ($_SESSION['graphdisp']==0) {
 		return $plot .= "Label &quot;$lbl&quot; at ($x,$y). ";
 	}
 	if (func_num_args()>6) {
@@ -655,7 +655,7 @@ function addlabelabs($plot,$x,$y,$lbl) {
 	} else {
 		$color = "black";
 	}
-	if ($GLOBALS['sessiondata']['graphdisp']==0) {
+	if ($_SESSION['graphdisp']==0) {
 		return $plot .= "Label &quot;$lbl&quot; at pixel coordinates ($x,$y).";
 	}
 	if (func_num_args()>6) {
@@ -683,7 +683,7 @@ function mergeplots($plota) {
 	}
 	for ($i=1;$i<$n;$i++) {
 		$plotb = func_get_arg($i);
-		if ($GLOBALS['sessiondata']['graphdisp']==0) {
+		if ($_SESSION['graphdisp']==0) {
 			$newtext = preg_replace('/^Graphs.*?y:.*?to.*?\.\s/', '', $plotb);
 			$plota .= $newtext;
 		} else {
@@ -695,7 +695,7 @@ function mergeplots($plota) {
 }
 
 function addfractionaxislabels($plot,$step) {
-	if ($GLOBALS['sessiondata']['graphdisp']==0) {
+	if ($_SESSION['graphdisp']==0) {
 		return $plot .= "Horizontal axis labels in steps of $step.";
 	}
 	if (strpos($step,'/')===false) {
@@ -766,7 +766,7 @@ function connectthedots($xarray,$yarray,$color='black',$thick=1,$startdot='',$en
 }
 
 function showasciisvg($script, $width=200, $height=200, $alt="") {
-	if ($GLOBALS['sessiondata']['graphdisp']==0) {
+	if ($_SESSION['graphdisp']==0) {
 		if ($alt != '') {
 			return $alt;
 		} else {
@@ -1472,7 +1472,7 @@ function jointshuffle($a1,$a2) {  //optional third & fourth params $n1 and $n2
 
 
 function listtoarray($l) {
-	if (func_num_args()>1 && ($GLOBALS['sessiondata']['isteacher'] || isset($GLOBALS['teacherid']))) {
+	if (func_num_args()>1 && ($_SESSION['isteacher'] || isset($GLOBALS['teacherid']))) {
 		echo "Warning:  listtoarray expects one argument, more than one provided";
 	}
 	return array_map('trim',explode(',',$l));
diff --git a/assessment/printtest.php b/assessment/printtest.php
index 6ad35d8f29..7bb9620d5a 100644
--- a/assessment/printtest.php
+++ b/assessment/printtest.php
@@ -1,7 +1,7 @@
 <?php
 	require("../init.php");
-	$isteacher = (isset($teacherid) || $sessiondata['isteacher']==true);
-	if (!isset($sessiondata['sessiontestid']) && !$isteacher) {
+	$isteacher = (isset($teacherid) || $_SESSION['isteacher']==true);
+	if (!isset($_SESSION['sessiontestid']) && !$isteacher) {
 		echo "<html><body>Error. </body></html>\n";
 		exit;
 	}
@@ -24,7 +24,7 @@
 			});
 			</script>';
 	}
-	$sessiondata['coursetheme'] = $coursetheme;
+	$_SESSION['coursetheme'] = $coursetheme;
 	require("header.php");
 	echo "<style type=\"text/css\" media=\"print\">.hideonprint {display:none;} p.tips {display: none;}\n input.btn, button.btn {display: none;}\n textarea {display: none;}\n .question, .review {background-color:#fff;}</style>\n";
 	echo "<style type=\"text/css\">p.tips {	display: none;} input.sabtn,input.dsbtn {display: none;}</style>\n";
@@ -59,7 +59,7 @@ function toggleqs() {
 	if ($isteacher && isset($_GET['asid'])) {
 		$testid = Sanitize::onlyInt($_GET['asid']);
 	} else {
-		$testid = $sessiondata['sessiontestid'];
+		$testid = $_SESSION['sessiontestid'];
 	}
 	$stm = $DBH->prepare("SELECT * FROM imas_assessment_sessions WHERE id=:id");
 	$stm->execute(array(':id'=>$testid));
diff --git a/assessment/showsoln.php b/assessment/showsoln.php
index 909e512d60..deb440d6d4 100644
--- a/assessment/showsoln.php
+++ b/assessment/showsoln.php
@@ -2,13 +2,13 @@
 require_once("../includes/sanitize.php");
 
 if ($_GET['cid']==="embedq") {
-	$sessiondata = array();
+	$_SESSION = array();
 	require("../init_without_validate.php");
 	require("../i18n/i18n.php");
 	$cid = "embedq";
-	$sessiondata['secsalt'] = "12345";
-	$sessiondata['graphdisp'] = 1;
-	$sessiondata['mathdisp'] = 1;
+	$_SESSION['secsalt'] = "12345";
+	$_SESSION['graphdisp'] = 1;
+	$_SESSION['mathdisp'] = 1;
 	if (isset($_GET['theme'])) {
 		$coursetheme = 	$_GET['theme'];
 	}
@@ -19,12 +19,12 @@
 $id = Sanitize::onlyInt($_GET['id']);
 $sig = $_GET['sig'];
 $t = Sanitize::onlyInt($_GET['t']);
-$sessiondata['coursetheme'] = $coursetheme;
+$_SESSION['coursetheme'] = $coursetheme;
 
 $flexwidth = true;
 require("header.php");
 echo '<p><b style="font-size:110%">'._('Written Example').'</b> '._('of a similar problem').'</p>';
-if ($sig != md5($id.$sessiondata['secsalt'])) {
+if ($sig != md5($id.$_SESSION['secsalt'])) {
 	echo "invalid signature - not authorized to view the solution for this problem";
 	exit;
 }
diff --git a/assessment/showtest.php b/assessment/showtest.php
index 5c0a903e8a..d28e2ef932 100644
--- a/assessment/showtest.php
+++ b/assessment/showtest.php
@@ -23,7 +23,7 @@
 	if (isset($instrPreviewId)) {
 		$teacherid=$instrPreviewId;
 	}
-	if (!isset($sessiondata['sessiontestid']) && !isset($teacherid) && !isset($tutorid) && !isset($studentid)) {
+	if (!isset($_SESSION['sessiontestid']) && !isset($teacherid) && !isset($tutorid) && !isset($studentid)) {
 		echo "<html><body>";
 		echo _("You are not authorized to view this page.  If you are trying to reaccess an assessment you've already started, access it from the course page");
 		echo "</body></html>\n";
@@ -37,9 +37,9 @@
 		unset($teacherid);
 		$actas = true;
 	}
-	$isRealStudent = (isset($studentid) && !$actas && !isset($sessiondata['stuview']));
+	$isRealStudent = (isset($studentid) && !$actas && !isset($_SESSION['stuview']));
 	$latepasses = 0;
-	if (!isset($sessiondata['stuview'])) { //want to load for actas too
+	if (!isset($_SESSION['stuview'])) { //want to load for actas too
 		require_once("../includes/exceptionfuncs.php");
 		if ($isRealStudent) {
 			$exceptionfuncs = new ExceptionFuncs($userid, $cid, true, $studentinfo['latepasses'], $latepasshrs);
@@ -155,7 +155,7 @@
 					echo "<p><a href=\"$imasroot/course/redeemlatepass.php?cid=$cid&aid=$aid\">", _('Use LatePass'), "</a></p>";
 				}
 
-				if (isset($sessiondata['ltiitemtype']) && $sessiondata['ltiitemtype']==0 && $sessiondata['ltiitemid']==$aid) {
+				if (isset($_SESSION['ltiitemtype']) && $_SESSION['ltiitemtype']==0 && $_SESSION['ltiitemid']==$aid) {
 					//in LTI and right item
 					list($atype,$sa) = explode('-',$adata['deffeedback']);
 					if ($sa!='N') {
@@ -309,13 +309,13 @@
 		if ($isRealStudent) {
 		   $stm = $DBH->prepare("SELECT latepass FROM imas_students WHERE userid=:userid AND courseid=:courseid");
 		   $stm->execute(array(':userid'=>$userid, ':courseid'=>$adata['courseid']));
-		   $sessiondata['latepasses'] = $stm->fetchColumn(0);
+		   $_SESSION['latepasses'] = $stm->fetchColumn(0);
 		} else {
-			$sessiondata['latepasses'] = 0;
+			$_SESSION['latepasses'] = 0;
 		}
-		$sessiondata['latepasshrs'] = $latepasshrs;
+		$_SESSION['latepasshrs'] = $latepasshrs;
 
-		$sessiondata['istutorial'] = $adata['istutorial'];
+		$_SESSION['istutorial'] = $adata['istutorial'];
 		$_SESSION['choicemap'] = array();
 		$stm = $DBH->prepare("SELECT id,agroupid,lastanswers,bestlastanswers,starttime,ver FROM imas_assessment_sessions WHERE userid=:userid AND assessmentid=:assessmentid ORDER BY id DESC LIMIT 1");
 		$stm->execute(array(':userid'=>$userid, ':assessmentid'=>$_GET['id']));
@@ -356,7 +356,7 @@
 				$stm->execute(array(':userid'=>$userid, ':groupsetid'=>$adata['groupsetid']));
 				if ($stm->rowCount()>0) {
 					$stugroupid = $stm->fetchColumn(0);
-					$sessiondata['groupid'] = $stugroupid;
+					$_SESSION['groupid'] = $stugroupid;
 				} else {
 					if ($adata['isgroup']==3) {
 						echo "<html><body>", _('You are not yet a member of a group.  Contact your instructor to be added to a group.'), "  <a href=\"$imasroot/course/course.php?cid=".Sanitize::courseId($_GET['cid'])."\">Back</a></body></html>";
@@ -366,9 +366,9 @@
 					$stm->execute(array(':groupsetid'=>$adata['groupsetid']));
 					$stugroupid = $DBH->lastInsertId();
 					//if ($adata['isgroup']==3) {
-					//	$sessiondata['groupid'] = $stugroupid;
+					//	$_SESSION['groupid'] = $stugroupid;
 					//} else {
-						$sessiondata['groupid'] = 0;  //leave as 0 to trigger adding group members
+						$_SESSION['groupid'] = 0;  //leave as 0 to trigger adding group members
 					//}
 					$stm = $DBH->prepare("INSERT INTO imas_stugroupmembers (userid,stugroupid) VALUES (:userid, :stugroupid)");
 					$stm->execute(array(':userid'=>$userid, ':stugroupid'=>$stugroupid));
@@ -377,8 +377,8 @@
 			}
 			$deffeedbacktext = $adata['deffeedbacktext'];
 
-			if (isset($sessiondata['lti_lis_result_sourcedid'.$aid]) && strlen($sessiondata['lti_lis_result_sourcedid'.$aid])>1) {
-				$ltisourcedid = $sessiondata['lti_lis_result_sourcedid'.$aid].':|:'.$sessiondata['lti_outcomeurl'].':|:'.$sessiondata['lti_origkey'].':|:'.$sessiondata['lti_keylookup'];
+			if (isset($_SESSION['lti_lis_result_sourcedid'.$aid]) && strlen($_SESSION['lti_lis_result_sourcedid'.$aid])>1) {
+				$ltisourcedid = $_SESSION['lti_lis_result_sourcedid'.$aid].':|:'.$_SESSION['lti_outcomeurl'].':|:'.$_SESSION['lti_origkey'].':|:'.$_SESSION['lti_keylookup'];
 			} else {
 				$ltisourcedid = '';
 			}
@@ -392,10 +392,10 @@
 			if ($result===false) {
 				echo _('Error DupASID.') . ' <a href="showtest.php?cid='.$cid.'&aid='.$aid.'">' . _("Try again") . '</a>';
 			}
-			$sessiondata['sessiontestid'] = $DBH->lastInsertId();
+			$_SESSION['sessiontestid'] = $DBH->lastInsertId();
 
 			if ($stugroupid==0) {
-				$sessiondata['groupid'] = 0;
+				$_SESSION['groupid'] = 0;
 			} else {
 				//if a group assessment and already in a group, we'll create asids for all the group members now
 				$stm = $DBH->prepare("SELECT userid FROM imas_stugroupmembers WHERE stugroupid=:stugroupid AND userid<>:userid");
@@ -415,45 +415,43 @@
 				}
 
 			}
-			$sessiondata['isreview'] = $isreview;
+			$_SESSION['isreview'] = $isreview;
 			if (isset($teacherid) || isset($tutorid) || $actas) {
-				$sessiondata['isteacher']=true;
+				$_SESSION['isteacher']=true;
 			} else {
-				$sessiondata['isteacher']=false;
+				$_SESSION['isteacher']=false;
 			}
 			if ($actas) {
-				$sessiondata['actas']=$_GET['actas'];
-				$sessiondata['isreview'] = false;
+				$_SESSION['actas']=$_GET['actas'];
+				$_SESSION['isreview'] = false;
 			} else {
-				unset($sessiondata['actas']);
+				unset($_SESSION['actas']);
 			}
 			if (strpos($_SERVER['HTTP_REFERER'],'treereader')!==false) {
-				$sessiondata['intreereader'] = true;
+				$_SESSION['intreereader'] = true;
 			} else {
-				$sessiondata['intreereader'] = false;
+				$_SESSION['intreereader'] = false;
 			}
 
 			$stm = $DBH->prepare("SELECT name,theme,msgset,toolset FROM imas_courses WHERE id=:id");
 			$stm->execute(array(':id'=>$_GET['cid']));
 			$courseinfo = $stm->fetch(PDO::FETCH_ASSOC);
-			$sessiondata['courseid'] = Sanitize::courseId($_GET['cid']);
-			$sessiondata['coursename'] = $courseinfo['name'];
+			$_SESSION['courseid'] = Sanitize::courseId($_GET['cid']);
+			$_SESSION['coursename'] = $courseinfo['name'];
 			if (!isset($coursetheme)) { //should already be set from validate.php
 				$coursetheme = $courseinfo['theme'];
 			}
-			if (isset($sessiondata['userprefs']['usertheme']) && strcmp($sessiondata['userprefs']['usertheme'],'0')!=0) {
-				$coursetheme = $sessiondata['userprefs']['usertheme'];
+			if (isset($_SESSION['userprefs']['usertheme']) && strcmp($_SESSION['userprefs']['usertheme'],'0')!=0) {
+				$coursetheme = $_SESSION['userprefs']['usertheme'];
 			}
-			$sessiondata['coursetheme'] = $coursetheme;
+			$_SESSION['coursetheme'] = $coursetheme;
 
-			$sessiondata['coursetoolset'] = $courseinfo['toolset'];
+			$_SESSION['coursetoolset'] = $courseinfo['toolset'];
 			if (isset($studentinfo['timelimitmult'])) {
-				$sessiondata['timelimitmult'] = $studentinfo['timelimitmult'];
+				$_SESSION['timelimitmult'] = $studentinfo['timelimitmult'];
 			} else {
-				$sessiondata['timelimitmult'] = 1.0;
+				$_SESSION['timelimitmult'] = 1.0;
 			}
-
-			writesessiondata();
 			session_write_close();
 			header('Location: ' . $GLOBALS['basesiteurl'] . "/assessment/showtest.php");
 			exit;
@@ -471,31 +469,31 @@
 				exit;
 			}
 			//Return to test.
-			$sessiondata['sessiontestid'] = $line['id'];
-			$sessiondata['isreview'] = $isreview;
+			$_SESSION['sessiontestid'] = $line['id'];
+			$_SESSION['isreview'] = $isreview;
 			if (isset($teacherid) || isset($tutorid) || $actas) {
-				$sessiondata['isteacher']=true;
+				$_SESSION['isteacher']=true;
 			} else {
-				$sessiondata['isteacher']=false;
+				$_SESSION['isteacher']=false;
 			}
 			if ($actas) {
-				$sessiondata['actas']=$_GET['actas'];
-				$sessiondata['isreview'] = false;
+				$_SESSION['actas']=$_GET['actas'];
+				$_SESSION['isreview'] = false;
 			} else {
-				unset($sessiondata['actas']);
+				unset($_SESSION['actas']);
 			}
 
 			if ($adata['isgroup']==0 || $line['agroupid']>0) {
-				$sessiondata['groupid'] = $line['agroupid'];
+				$_SESSION['groupid'] = $line['agroupid'];
 			} else if (!isset($teacherid) && !isset($tutorid)) { //isgroup>0 && agroupid==0
 				//already has asid, but broken from group
 				$stm = $DBH->prepare("INSERT INTO imas_stugroups (name,groupsetid) VALUES ('Unnamed group',:groupsetid)");
 				$stm->execute(array(':groupsetid'=>$adata['groupsetid']));
 				$stugroupid = $DBH->lastInsertId();
 				if ($adata['isgroup']==3) {
-					$sessiondata['groupid'] = $stugroupid;
+					$_SESSION['groupid'] = $stugroupid;
 				} else {
-					$sessiondata['groupid'] = 0;  //leave as 0 to trigger adding group members
+					$_SESSION['groupid'] = 0;  //leave as 0 to trigger adding group members
 				}
 				$stm = $DBH->prepare("INSERT INTO imas_stugroupmembers (userid,stugroupid) VALUES (:userid, :stugroupid)");
 				$stm->execute(array(':userid'=>$userid, ':stugroupid'=>$stugroupid));
@@ -506,26 +504,23 @@
 			$stm = $DBH->prepare("SELECT name,theme,msgset,toolset FROM imas_courses WHERE id=:id");
 			$stm->execute(array(':id'=>$_GET['cid']));
 			$courseinfo = $stm->fetch(PDO::FETCH_ASSOC);
-			$sessiondata['courseid'] = Sanitize::courseId($_GET['cid']);
-			$sessiondata['coursename'] = $courseinfo['name'];
-			$sessiondata['coursetheme'] = $courseinfo['theme'];
-			$sessiondata['coursetoolset'] = $courseinfo['toolset'];
+			$_SESSION['courseid'] = Sanitize::courseId($_GET['cid']);
+			$_SESSION['coursename'] = $courseinfo['name'];
+			$_SESSION['coursetheme'] = $courseinfo['theme'];
+			$_SESSION['coursetoolset'] = $courseinfo['toolset'];
 			if (isset($studentinfo['timelimitmult'])) {
-				$sessiondata['timelimitmult'] = $studentinfo['timelimitmult'];
+				$_SESSION['timelimitmult'] = $studentinfo['timelimitmult'];
 			} else {
-				$sessiondata['timelimitmult'] = 1.0;
+				$_SESSION['timelimitmult'] = 1.0;
 			}
 
-			if (isset($sessiondata['lti_lis_result_sourcedid'.$aid])) {
-				$altltisourcedid = $sessiondata['lti_lis_result_sourcedid'.$aid].':|:'.$sessiondata['lti_outcomeurl'].':|:'.$sessiondata['lti_origkey'].':|:'.$sessiondata['lti_keylookup'];
+			if (isset($_SESSION['lti_lis_result_sourcedid'.$aid])) {
+				$altltisourcedid = $_SESSION['lti_lis_result_sourcedid'.$aid].':|:'.$_SESSION['lti_outcomeurl'].':|:'.$_SESSION['lti_origkey'].':|:'.$_SESSION['lti_keylookup'];
 				if ($altltisourcedid != $line['lti_sourcedid']) {
 					$stm = $DBH->prepare("UPDATE imas_assessment_sessions SET lti_sourcedid=:lti_sourcedid WHERE id=:id");
 					$stm->execute(array(':lti_sourcedid'=>$altltisourcedid, ':id'=>$line['id']));
 				}
 			}
-
-
-			writesessiondata();
 			session_write_close();
 			header('Location: ' . $GLOBALS['basesiteurl'] . "/assessment/showtest.php");
 		}
@@ -533,15 +528,15 @@
 	}
 
 	//already started test
-	if (!isset($sessiondata['sessiontestid'])) {
+	if (!isset($_SESSION['sessiontestid'])) {
 		echo "<html><body>", _('Error.  Access assessment from course page'), "</body></html>\n";
 		exit;
 	}
-	$testid = $sessiondata['sessiontestid'];
+	$testid = $_SESSION['sessiontestid'];
 	$asid = $testid;
-	$isteacher = $sessiondata['isteacher'];
-	if (isset($sessiondata['actas'])) {
-		$userid = $sessiondata['actas'];
+	$isteacher = $_SESSION['isteacher'];
+	if (isset($_SESSION['actas'])) {
+		$userid = $_SESSION['actas'];
 	}
 	$stm = $DBH->prepare("SELECT * FROM imas_assessment_sessions WHERE id=:id");
 	$stm->execute(array(':id'=>$testid));
@@ -644,7 +639,7 @@
 	$timelimitkickout = ($testsettings['timelimit']<0);
 	$testsettings['timelimit'] = abs($testsettings['timelimit']);
 	//do time limit mult
-	$testsettings['timelimit'] *= $sessiondata['timelimitmult'];
+	$testsettings['timelimit'] *= $_SESSION['timelimitmult'];
 
 	list($testsettings['testtype'],$testsettings['showans']) = explode('-',$testsettings['deffeedback']);
 
@@ -657,7 +652,7 @@
 		exit;
 	}
 	//verify group is ok
-	if ($testsettings['isgroup']>0 && !$isteacher &&  ($line['agroupid']==0 || ($sessiondata['groupid']>0 && $line['agroupid']!=$sessiondata['groupid']))) {
+	if ($testsettings['isgroup']>0 && !$isteacher &&  ($line['agroupid']==0 || ($_SESSION['groupid']>0 && $line['agroupid']!=$_SESSION['groupid']))) {
 		echo "<html><body>", _('Error.  Looks like your group has changed for this assessment. Please reopen the assessment and try again.');
 		echo "<a href=\"../course/course.php?cid={$testsettings['courseid']}\">", _('Return to course page'), "</a>";
 		echo '</body></html>';
@@ -741,7 +736,7 @@
 		}
 	} else {
 		$stm2 = $DBH->prepare("SELECT startdate,enddate,islatepass,is_lti FROM imas_exceptions WHERE userid=:userid AND assessmentid=:assessmentid AND itemtype='A'");
-		$stm2->execute(array(':userid'=>$sessiondata['actas'], ':assessmentid'=>$line['assessmentid']));
+		$stm2->execute(array(':userid'=>$_SESSION['actas'], ':assessmentid'=>$line['assessmentid']));
 		$row = $stm2->fetch(PDO::FETCH_NUM);
 		if ($row!=null) {
 			$useexception = $exceptionfuncs->getCanUseAssessException($row, $testsettings, true);
@@ -946,33 +941,32 @@
 		recordtestdata(false, false);
 	}
 	if (isset($_GET['regen']) && $allowregen && $qi[$questions[$_GET['regen']]]['allowregen']==1) {
-		if (!isset($sessiondata['regendelay'])) {
-			$sessiondata['regendelay'] = 2;
+		if (!isset($_SESSION['regendelay'])) {
+			$_SESSION['regendelay'] = 2;
 		}
 		$doexit = false;
-		if (isset($sessiondata['lastregen'])) {
-			if ($now-$sessiondata['lastregen']<$sessiondata['regendelay']) {
-				$sessiondata['regendelay'] = 5;
+		if (isset($_SESSION['lastregen'])) {
+			if ($now-$_SESSION['lastregen']<$_SESSION['regendelay']) {
+				$_SESSION['regendelay'] = 5;
 				echo '<html><body><p>Hey, about slowing down and trying the problem before hitting regen?  Wait 5 seconds before trying again.</p><p></body></html>';
 				$stm = $DBH->prepare("INSERT INTO imas_log (time,log) VALUES (:time, :log)");
 				$stm->execute(array(':time'=>$now, ':log'=>"Quickregen triggered by $userid"));
-				if (!isset($sessiondata['regenwarnings'])) {
-					$sessiondata['regenwarnings'] = 1;
+				if (!isset($_SESSION['regenwarnings'])) {
+					$_SESSION['regenwarnings'] = 1;
 				} else {
-					$sessiondata['regenwarnings']++;
+					$_SESSION['regenwarnings']++;
 				}
-				if ($sessiondata['regenwarnings']>10) {
+				if ($_SESSION['regenwarnings']>10) {
 					$stm = $DBH->prepare("INSERT INTO imas_log (time,log) VALUES (:time, :log)");
 					$stm->execute(array(':time'=>$now, ':log'=>"Over 10 regen warnings triggered by $userid"));
 				}
 				$doexit = true;
 			}
-			if ($now - $sessiondata['lastregen'] > 20) {
-				$sessiondata['regendelay'] = 2;
+			if ($now - $_SESSION['lastregen'] > 20) {
+				$_SESSION['regendelay'] = 2;
 			}
 		}
-		$sessiondata['lastregen'] = $now;
-		writesessiondata();
+		$_SESSION['lastregen'] = $now;
 		if ($doexit) { exit;}
 		srand();
 		$toregen = $_GET['regen'];
@@ -1118,18 +1112,18 @@
 	}
 
 
-	$isdiag = isset($sessiondata['isdiag']);
+	$isdiag = isset($_SESSION['isdiag']);
 	if ($isdiag) {
-		$diagid = $sessiondata['isdiag'];
+		$diagid = $_SESSION['isdiag'];
 		$hideAllHeaderNav = true;
 	}
-	$isltilimited = (isset($sessiondata['ltiitemtype']) && $sessiondata['ltiitemtype']==0 && $sessiondata['ltirole']=='learner');
+	$isltilimited = (isset($_SESSION['ltiitemtype']) && $_SESSION['ltiitemtype']==0 && $_SESSION['ltirole']=='learner');
 
 
-	if (isset($CFG['GEN']['keeplastactionlog']) && isset($sessiondata['loginlog'.$testsettings['courseid']])) {
+	if (isset($CFG['GEN']['keeplastactionlog']) && isset($_SESSION['loginlog'.$testsettings['courseid']])) {
 		$now = time();
 		$stm = $DBH->prepare("UPDATE imas_login_log SET lastaction=:lastaction WHERE id=:id");
-		$stm->execute(array(':lastaction'=>$now, ':id'=>$sessiondata['loginlog'.$testsettings['courseid']]));
+		$stm->execute(array(':lastaction'=>$now, ':id'=>$_SESSION['loginlog'.$testsettings['courseid']]));
 	}
 
 	header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
@@ -1154,7 +1148,7 @@
 	if ($testsettings['displaymethod'] == "LivePoll") {
 		$placeinhead = '<script src="https://'.$CFG['GEN']['livepollserver'].':3000/socket.io/socket.io.js"></script>';
 		$placeinhead .= '<script src="'.$imasroot.'/javascript/livepoll.js?v=102518"></script>';
-		$livepollroom = $testsettings['id'].'-'.($sessiondata['isteacher'] ? 'teachers':'students');
+		$livepollroom = $testsettings['id'].'-'.($_SESSION['isteacher'] ? 'teachers':'students');
 		$now = time();
 		if (isset($CFG['GEN']['livepollpassword'])) {
 			$livepollsig = base64_encode(sha1($livepollroom . $CFG['GEN']['livepollpassword'] . $now,true));
@@ -1178,7 +1172,7 @@
 			.LPshowcorrect .LPresbar, .LPshowwrong  .LPresbar {background-color: #FFFFFF;}
 			</style>';
 	}
-	if ($sessiondata['intreereader']) {
+	if ($_SESSION['intreereader']) {
 		$flexwidth = true;
 	}
 	require("header.php");
@@ -1186,10 +1180,10 @@
 		echo '<style type="text/css" media="print"> div.question, div.todoquestion, div.inactive { display: none;} </style>';
 	}
 
-	if (!$isdiag && !$isltilimited && !$sessiondata['intreereader']) {
-		if (isset($sessiondata['actas'])) {
-			echo "<div class=breadcrumb>$breadcrumbbase <a href=\"../course/course.php?cid={$testsettings['courseid']}\">{$sessiondata['coursename']}</a> ";
-			echo "&gt; <a href=\"../course/gb-viewasid.php?cid={$testsettings['courseid']}&amp;asid=$testid&amp;uid={$sessiondata['actas']}\">", _('Gradebook Detail'), "</a> ";
+	if (!$isdiag && !$isltilimited && !$_SESSION['intreereader']) {
+		if (isset($_SESSION['actas'])) {
+			echo "<div class=breadcrumb>$breadcrumbbase <a href=\"../course/course.php?cid={$testsettings['courseid']}\">{$_SESSION['coursename']}</a> ";
+			echo "&gt; <a href=\"../course/gb-viewasid.php?cid={$testsettings['courseid']}&amp;asid=$testid&amp;uid={$_SESSION['actas']}\">", _('Gradebook Detail'), "</a> ";
 			echo "&gt; ", _('View as student'), "</div>";
 		} else {
 			echo "<div class=breadcrumb>";
@@ -1206,10 +1200,10 @@
 				}
 				echo '</span>';
 			}
-			if (isset($sessiondata['ltiitemtype']) && $sessiondata['ltiitemtype']==0) {
+			if (isset($_SESSION['ltiitemtype']) && $_SESSION['ltiitemtype']==0) {
 				echo "$breadcrumbbase ", _('Assessment'), "</div>";
 			} else {
-				echo "$breadcrumbbase <a href=\"../course/course.php?cid={$testsettings['courseid']}\">{$sessiondata['coursename']}</a> ";
+				echo "$breadcrumbbase <a href=\"../course/course.php?cid={$testsettings['courseid']}\">{$_SESSION['coursename']}</a> ";
 
 				echo "&gt; ", _('Assessment'), "</div>";
 			}
@@ -1246,7 +1240,7 @@
 			echo '<p>'.$out.'</p>';
 		}
 
-		if ($sessiondata['ltiitemid']==$testsettings['id'] && $isreview) {
+		if ($_SESSION['ltiitemid']==$testsettings['id'] && $isreview) {
 			if ($testsettings['origshowans']!='N') {
 				echo '<p><a href="../course/gb-viewasid.php?cid='.$cid.'&asid='.$testid.'">';
 				echo _('View your scored assessment'), '</a></p>';
@@ -1266,9 +1260,9 @@
 		echo '</div>';
 	}
 
-	if ((!$sessiondata['isteacher'] || isset($sessiondata['actas'])) && ($testsettings['isgroup']==1 || $testsettings['isgroup']==2) && ($sessiondata['groupid']==0 || isset($_GET['addgrpmem']))) {
+	if ((!$_SESSION['isteacher'] || isset($_SESSION['actas'])) && ($testsettings['isgroup']==1 || $testsettings['isgroup']==2) && ($_SESSION['groupid']==0 || isset($_GET['addgrpmem']))) {
 		if (isset($_POST['grpsubmit'])) {
-			if ($sessiondata['groupid']==0) {
+			if ($_SESSION['groupid']==0) {
 				echo '<p>', _('Group error - lost group info'), '</p>';
 			}
 			$fieldstocopy = 'assessmentid,agroupid,questions,seeds,scores,attempts,lastanswers,starttime,endtime,bestseeds,bestattempts,bestscores,bestlastanswers,feedback,reviewseeds,reviewattempts,reviewscores,reviewlastanswers,reattempting,reviewreattempting,ver';
@@ -1305,7 +1299,7 @@
 							$loginfo .= "$thisusername already in group. ";
 						} else {
 							$stm = $DBH->prepare("INSERT INTO imas_stugroupmembers (userid,stugroupid) VALUES (:userid,:stugroupid)");
-							$stm->execute(array(':userid'=>$_POST['user'.$i], ':stugroupid'=>$sessiondata['groupid']));
+							$stm->execute(array(':userid'=>$_POST['user'.$i], ':stugroupid'=>$_SESSION['groupid']));
 
 							$fieldstocopy = explode(',',$fieldstocopy);
 							$sets = array();
@@ -1326,7 +1320,7 @@
 						}
 					} else {
 						$stm = $DBH->prepare("INSERT INTO imas_stugroupmembers (userid,stugroupid) VALUES (:userid,:stugroupid)");
-						$stm->execute(array(':userid'=>$_POST['user'.$i], ':stugroupid'=>$sessiondata['groupid']));
+						$stm->execute(array(':userid'=>$_POST['user'.$i], ':stugroupid'=>$_SESSION['groupid']));
 
 						$fieldphs = ':'.implode(',:', explode(',', $fieldstocopy));
 						$query = "INSERT INTO imas_assessment_sessions (userid,$fieldstocopy) VALUES (:userid,$fieldphs)";
@@ -1344,7 +1338,7 @@
 			}
 		} else {
 			echo '<div id="headershowtest" class="pagetitle"><h1>', _('Select group members'), '</h1></div>';
-			if ($sessiondata['groupid']==0) {
+			if ($_SESSION['groupid']==0) {
 				//a group should already exist
 				$query = 'SELECT i_sg.id FROM imas_stugroups as i_sg JOIN imas_stugroupmembers as i_sgm ON i_sg.id=i_sgm.stugroupid ';
 				$query .= "WHERE i_sgm.userid=:userid AND i_sg.groupsetid=:groupsetid";
@@ -1354,10 +1348,9 @@
 					echo '<p>', _('Group error.  Please try reaccessing the assessment from the course page'), '</p>';
 				}
 				$agroupid = $stm->fetchColumn(0);
-				$sessiondata['groupid'] = $agroupid;
-				writesessiondata();
+				$_SESSION['groupid'] = $agroupid;
 			} else {
-				$agroupid = $sessiondata['groupid'];
+				$agroupid = $_SESSION['groupid'];
 			}
 
 
@@ -1366,7 +1359,7 @@
 			$query = "SELECT imas_users.id,imas_users.FirstName,imas_users.LastName FROM imas_users,imas_stugroupmembers WHERE ";
 			$query .= "imas_users.id=imas_stugroupmembers.userid AND imas_stugroupmembers.stugroupid=:stugroupid ORDER BY imas_users.LastName,imas_users.FirstName";
 			$stm = $DBH->prepare($query);
-			$stm->execute(array(':stugroupid'=>$sessiondata['groupid']));
+			$stm->execute(array(':stugroupid'=>$_SESSION['groupid']));
 			while ($row = $stm->fetch(PDO::FETCH_NUM)) {
 				$curgrp[0] = $row[0];
 				echo sprintf("<li>%s, %s</li>", Sanitize::encodeStringForDisplay($row[2]), Sanitize::encodeStringForDisplay($row[1]));
@@ -1418,7 +1411,7 @@
 	}
 	/*
 	no need to do anything in this case
-	if ((!$sessiondata['isteacher'] || isset($sessiondata['actas'])) && $testsettings['isgroup']==3  && $sessiondata['groupid']==0) {
+	if ((!$_SESSION['isteacher'] || isset($_SESSION['actas'])) && $testsettings['isgroup']==3  && $_SESSION['groupid']==0) {
 		//double check not already added to group by someone else
 		$query = "SELECT agroupid FROM imas_assessment_sessions WHERE id='$testid'";
 		$result = mysql_query($query) or die("Query failed : $query:" . mysql_error());
@@ -1430,18 +1423,17 @@
 		} else {
 			echo "<p>Someone already added you to a group.  Using that group.</p>";
 		}
-		$sessiondata['groupid'] = $agroupid;
-		writesessiondata();
+		$_SESSION['groupid'] = $agroupid;
 	}
 	*/
 
 	//if was added to existing group, need to reload $questions, etc
 	echo '<div id="headershowtest" class="pagetitle">';
 	echo "<h1>{$testsettings['name']}</h1></div>\n";
-	if (isset($sessiondata['actas'])) {
+	if (isset($_SESSION['actas'])) {
 		echo '<p style="color: red;">', _('Teacher Acting as ');
 		$stm = $DBH->prepare("SELECT LastName, FirstName FROM imas_users WHERE id=:id");
-		$stm->execute(array(':id'=>$sessiondata['actas']));
+		$stm->execute(array(':id'=>$_SESSION['actas']));
 		$row = $stm->fetch(PDO::FETCH_NUM);
 		echo $row[1].' '.$row[0];
 		echo '<p>';
@@ -1893,7 +1885,7 @@
 						displayq($qn,$qi[$questions[$qn]]['questionsetid'],$seeds[$qn],false,false,$attempts[$qn],false,false,false,$colors);
 					}
 					$contactlinks = showquestioncontactlinks($qn);
-					if ($contactlinks!='' && !$sessiondata['istutorial']) {
+					if ($contactlinks!='' && !$_SESSION['istutorial']) {
 						echo '<div class="review">'.$contactlinks.'</div>';
 					}
 
@@ -2252,7 +2244,7 @@
 				if ($testsettings['displaymethod'] != "VideoCue") {
 					embedshowicon($qn);
 				}
-				if (!$sessiondata['istutorial']) {
+				if (!$_SESSION['istutorial']) {
 					echo '<div class="prequestion">';
 					$divopen = true;
 					if ($GLOBALS['scoremessages'] != '') {
@@ -2312,7 +2304,7 @@
 				echo $quesout;
 
 			} else {
-				if (!$sessiondata['istutorial']) {
+				if (!$_SESSION['istutorial']) {
 					echo "<p>", _('No attempts remain on this problem.'), "</p>";
 					if ($showeachscore) {
 						//TODO i18n
@@ -2350,7 +2342,7 @@
 			showqinfobar($qn,true,false,true);
 
 			echo '<script type="text/javascript">document.getElementById("disptime").value = '.time().';';
-			if ($introhaspages || $sessiondata['intreereader']) {
+			if ($introhaspages || $_SESSION['intreereader']) {
 				echo 'embedattemptedtrack["q'.$qn.'"][1]=0;';
 				if (false && $showeachscore) {
 					echo 'embedattemptedtrack["q'.$qn.'"][2]='. (canimprove($qn) ? "1":"0") . ';';
@@ -2407,7 +2399,7 @@
 			//}
 			exit;
 		} else if ($_GET['action']=='livepollopenq') {
-			if (!$sessiondata['isteacher']) {
+			if (!$_SESSION['isteacher']) {
 				echo '{error: "unauthorized"}';
 				exit;
 			}
@@ -2442,7 +2434,7 @@
 			4:  question displaying scored
 			*/
 
-			if (!$sessiondata['isteacher']) {
+			if (!$_SESSION['isteacher']) {
 				echo '{error: "unauthorized"}';
 				exit;
 			}
@@ -2473,7 +2465,7 @@
 		} else if ($_GET['action']=='livepollshowq') {
 			$qn = Sanitize::onlyInt($_GET['qn']);
 			$clearla = false;
-			if (isset($_GET['forceregen']) && $sessiondata['isteacher']) {
+			if (isset($_GET['forceregen']) && $_SESSION['isteacher']) {
 				srand();
 				do {
 					$newseed = rand(1,9999);
@@ -2490,14 +2482,14 @@
 				}
 			}
 
-			if (!$sessiondata['isteacher'] && ($LPinf['curquestion'] != $qn || ($LPinf['curstate'] != 2 && $LPinf['curstate'] != 3))) {
+			if (!$_SESSION['isteacher'] && ($LPinf['curquestion'] != $qn || ($LPinf['curstate'] != 2 && $LPinf['curstate'] != 3))) {
 				echo 'wrong question or not open for display';
 				echo $LPinf['curquestion'] . ','.$qn.','.$LPinf['curstate'];
 				exit;
 			}
 
 			$thisshowhints = ($qi[$questions[$qn]]['showhints']==2 || ($qi[$questions[$qn]]['showhints']==0 && $showhints));
-			if (isset($_GET['includeqinfo']) && $sessiondata['isteacher']) {
+			if (isset($_GET['includeqinfo']) && $_SESSION['isteacher']) {
 				$GLOBALS['capturechoices'] = 'shuffled';
 				$GLOBALS['capturedrawinit'] = true;
 				ob_start();
@@ -2587,13 +2579,13 @@
 		}
 		if ($testsettings['isgroup']>0) {
 			$testsettings['intro'] .= "<p><span class=noticetext >" . _('This is a group assessment.  Any changes affect all group members.') . "</span><br/>";
-			if (!$isteacher || isset($sessiondata['actas'])) {
+			if (!$isteacher || isset($_SESSION['actas'])) {
 				$testsettings['intro'] .= _('Group Members:') . " <ul>";
 				$query = "SELECT imas_users.id,imas_users.FirstName,imas_users.LastName FROM imas_users,imas_assessment_sessions WHERE ";
 				$query .= "imas_users.id=imas_assessment_sessions.userid AND imas_assessment_sessions.agroupid=:agroupid ";
 				$query .= "AND imas_assessment_sessions.assessmentid=:assessmentid ORDER BY imas_users.LastName,imas_users.FirstName";
 				$stm = $DBH->prepare($query);
-				$stm->execute(array(':agroupid'=>$sessiondata['groupid'], ':assessmentid'=>$testsettings['id']));
+				$stm->execute(array(':agroupid'=>$_SESSION['groupid'], ':assessmentid'=>$testsettings['id']));
 				while ($row = $stm->fetch(PDO::FETCH_NUM)) {
 					$curgrp[] = $row[0];
 					$testsettings['intro'] .= "<li>{$row[2]}, {$row[1]}</li>";
@@ -2817,7 +2809,7 @@
 			$intro = filter("<div class=\"intro\" role=region aria-label=\""._('Intro or instructions')."\">{$testsettings['intro']}</div>\n");
 			if ($testsettings['displaymethod'] == "VideoCue") {
 				echo substr(trim($intro),0,-6);
-				if (!$sessiondata['istutorial'] && $testsettings['testtype']!="NoScores") {
+				if (!$_SESSION['istutorial'] && $testsettings['testtype']!="NoScores") {
 					echo "<p><a href=\"showtest.php?action=embeddone\">", _('When you are done, click here to see a summary of your score'), "</a></p>\n";
 				}
 				echo '</div>';
@@ -2949,7 +2941,7 @@
 					} else {
 						$showcorrectnow = false;
 					}
-					if (!$sessiondata['istutorial']) {
+					if (!$_SESSION['istutorial']) {
 						echo '<div class="prequestion">';
 						echo "<p>", _('No attempts remain on this problem.'), "</p>";
 						if ($allowregen && $qi[$questions[$i]]['allowregen']==1) {
@@ -2989,7 +2981,7 @@
 				ob_start();
 				showqinfobar($i,true,false,true);
 				$reviewbar = ob_get_clean();
-				if (!$sessiondata['istutorial']) {
+				if (!$_SESSION['istutorial']) {
 					$reviewbar = str_replace('<div class="review">','<div class="review">'._('Question').' '.($i+1).'. ', $reviewbar);
 				}
 				$quesout .= $reviewbar;
@@ -3011,13 +3003,13 @@
 				}
 				echo '</p>';
 			}
-			if (!$sessiondata['istutorial'] && $testsettings['displaymethod'] != "VideoCue") {
+			if (!$_SESSION['istutorial'] && $testsettings['displaymethod'] != "VideoCue") {
 				echo "<p>" . _('Total Points Possible: ') . totalpointspossible($qi) . "</p>";
 			}
 
 
 			echo '</div>'; //ends either inset or formcontents div
-			if (!$sessiondata['istutorial'] && $testsettings['displaymethod'] != "VideoCue"  && $testsettings['testtype']!="NoScores") {
+			if (!$_SESSION['istutorial'] && $testsettings['displaymethod'] != "VideoCue"  && $testsettings['testtype']!="NoScores") {
 				echo "<p><a href=\"showtest.php?action=embeddone\" ".getSummaryConfirm().">";
 				echo _('When you are done, click here to see a summary of your score'), "</a></p>\n";
 			}
@@ -3034,7 +3026,7 @@
 			echo '<input type="hidden" id="disptime" name="disptime" value="'.time().'" />';
 			echo "<input type=\"hidden\" id=\"isreview\" name=\"isreview\" value=\"". ($isreview?1:0) ."\" />";
 
-			if ($sessiondata['isteacher']) {
+			if ($_SESSION['isteacher']) {
 				echo '<div class="navbar" role="navigation" aria-label="'._("Question navigation").'">';
 				echo '<p id="livepollactivestu" style="margin-top:0px">&nbsp;</p>';
 				echo "<h3>", _('Questions'), "</h3>\n";
@@ -3728,11 +3720,11 @@ function showscores($questions,&$attempts,$testsettings) {
 
 	function endtest($testsettings) {
 
-		//unset($sessiondata['sessiontestid']);
+		//unset($_SESSION['sessiontestid']);
 	}
 	function leavetestmsg($or = '') {
-		global $isdiag, $diagid, $sessiondata, $testsettings;
-		$isltilimited = (isset($sessiondata['ltiitemtype']) && $sessiondata['ltiitemtype']==0);
+		global $isdiag, $diagid, $testsettings;
+		$isltilimited = (isset($_SESSION['ltiitemtype']) && $_SESSION['ltiitemtype']==0);
 		echo '<p>';
 		echo $or;
 		if ($isdiag) {
@@ -3740,7 +3732,7 @@ function leavetestmsg($or = '') {
 				echo ' '._('or').' ';
 			}
 			echo "<a href=\"../diag/index.php?id=$diagid\">", _('Exit Assessment'), "</a>\n";
-		} else if ($isltilimited || $sessiondata['intreereader']) {
+		} else if ($isltilimited || $_SESSION['intreereader']) {
 
 		} else {
 			if ($or != '') {
diff --git a/assessment/testutil.php b/assessment/testutil.php
index 86fbf3eeb3..162b2bd531 100644
--- a/assessment/testutil.php
+++ b/assessment/testutil.php
@@ -513,7 +513,7 @@ function printscore2($sc) {
 //qi: getquestioninfo[qid]
 function scorequestion($qn, $rectime=true) {
 	global $DBH,$questions,$scores,$seeds,$testsettings,$qi,$attempts,$lastanswers,$isreview,$bestquestions,$bestseeds,$bestscores,$bestattempts,$bestlastanswers, $reattempting, $rawscores, $bestrawscores, $firstrawscores;
-	global $regenonreattempt, $sessiondata;
+	global $regenonreattempt;
 	//list($qsetid,$cat) = getqsetid($questions[$qn]);
 	$lastrawscore = $rawscores[$qn];
 
@@ -555,7 +555,7 @@ function scorequestion($qn, $rectime=true) {
 	} else {
 		$scores[$qn] = $afterpenalty;
 	}
-	if (!$isreview && $attempts[$qn]==0 && strpos($lastanswers[$qn],'##')===false && !$sessiondata['isteacher']) {
+	if (!$isreview && $attempts[$qn]==0 && strpos($lastanswers[$qn],'##')===false && !$_SESSION['isteacher']) {
 		$firstrawscores[$qn] = $rawscores[$qn];
 		if ($rectime) {
 			global $timesontask;
@@ -594,7 +594,7 @@ function scorequestion($qn, $rectime=true) {
 //records everything but questions array
 //if limit=true, only records lastanswers
 function recordtestdata($limit=false, $updateLTI=true) {
-	global $DBH,$isreview,$questions,$bestquestions,$bestscores,$bestattempts,$bestseeds,$bestlastanswers,$scores,$attempts,$seeds,$lastanswers,$testid,$testsettings,$sessiondata,$reattempting,$timesontask,$lti_sourcedid,$qi,$noraw,$rawscores,$bestrawscores,$firstrawscores,$userid;
+	global $DBH,$isreview,$questions,$bestquestions,$bestscores,$bestattempts,$bestseeds,$bestlastanswers,$scores,$attempts,$seeds,$lastanswers,$testid,$testsettings,$reattempting,$timesontask,$lti_sourcedid,$qi,$noraw,$rawscores,$bestrawscores,$firstrawscores,$userid;
 
 	if ($noraw) {
 		$bestscorelist = implode(',',$bestscores);
@@ -646,7 +646,7 @@ function recordtestdata($limit=false, $updateLTI=true) {
 				':bestlastanswers'=>$bestlalist, ':endtime'=>$now, ':reattempting'=>$reattemptinglist, ':timeontask'=>$timeslist,
 				':questions'=>$questionlist);
 
-			if ($updateLTI && isset($lti_sourcedid) && strlen($lti_sourcedid)>0 && $sessiondata['ltiitemtype']==0) {
+			if ($updateLTI && isset($lti_sourcedid) && strlen($lti_sourcedid)>0 && $_SESSION['ltiitemtype']==0) {
 				//update lti record.  We only do this for single assessment placements
 
 				require_once("../includes/ltioutcomes.php");
@@ -665,9 +665,9 @@ function recordtestdata($limit=false, $updateLTI=true) {
 			}
 		}
 	}
-	if ($testsettings['isgroup']>0 && $sessiondata['groupid']>0 && !$isreview) {
+	if ($testsettings['isgroup']>0 && $_SESSION['groupid']>0 && !$isreview) {
 		$query .= "WHERE agroupid=:agroupid AND assessmentid=:assessmentid";
-		$qarr[':agroupid']=$sessiondata['groupid'];
+		$qarr[':agroupid']=$_SESSION['groupid'];
 		$qarr[':assessmentid']=$testsettings['id'];
 	} else {
 		$query .= "WHERE id=:id LIMIT 1";
@@ -678,7 +678,7 @@ function recordtestdata($limit=false, $updateLTI=true) {
 }
 
 function deletefilesifnotused($delfrom,$ifnothere) {
-	global $testsettings,$sessiondata, $testid, $isreview;
+	global $testsettings, $testid, $isreview;
 	$outstr = '';
 	preg_match_all('/@FILE:(.+?)@/',$delfrom,$matches);
 	foreach($matches[0] as $match) {
@@ -687,8 +687,8 @@ function deletefilesifnotused($delfrom,$ifnothere) {
 		}
 	}
 	require_once("../includes/filehandler.php");
-	if ($testsettings['isgroup']>0 && $sessiondata['groupid']>0 && !$isreview) {
-		deleteasidfilesfromstring2($outstr,'agroupid',$sessiondata['groupid'],$testsettings['id']);
+	if ($testsettings['isgroup']>0 && $_SESSION['groupid']>0 && !$isreview) {
+		deleteasidfilesfromstring2($outstr,'agroupid',$_SESSION['groupid'],$testsettings['id']);
 	} else {
 		deleteasidfilesfromstring2($outstr,'id',$testid,$testsettings['id']);
 	}
@@ -799,12 +799,12 @@ function basicshowq($qn,$seqinactive=false,$colors=array()) {
 
 //shows basic points possible, attempts remaining bar
 function showqinfobar($qn,$inreview,$single,$showqnum=0) {
-	global $qi,$questions,$attempts,$seeds,$testsettings,$noindivscores,$showeachscore,$scores,$bestscores,$sessiondata,$imasroot,$CFG;
-	if (!$sessiondata['istutorial']) {
+	global $qi,$questions,$attempts,$seeds,$testsettings,$noindivscores,$showeachscore,$scores,$bestscores,$imasroot,$CFG;
+	if (!$_SESSION['istutorial']) {
 		if ($inreview) {
 			echo '<div class="review clearfix">';
 		}
-		if ($sessiondata['isteacher']) {
+		if ($_SESSION['isteacher']) {
 			echo '<span style="float:right;font-size:70%;text-align:right;">'._('Question ID: ').Sanitize::onlyInt($qi[$questions[$qn]]['questionsetid']);
 			echo '<br/><a target="license" href="'.$imasroot.'/course/showlicense.php?id='.Sanitize::onlyInt($qi[$questions[$qn]]['questionsetid']).'">'._('License').'</a>';
 			if (isset($CFG['GEN']['sendquestionproblemsthroughcourse'])) {
@@ -878,7 +878,7 @@ function showqinfobar($qn,$inreview,$single,$showqnum=0) {
 	} else {
 		echo "<input type=hidden id=\"verattempts$qn\" name=\"verattempts[$qn]\" value=\"{$attempts[$qn]}\" />";
 	}
-	if (!$sessiondata['istutorial']) {
+	if (!$_SESSION['istutorial']) {
 		$contactlinks = showquestioncontactlinks($qn);
 		if ($contactlinks!='') {
 			echo '<br/>'.$contactlinks;
@@ -908,7 +908,7 @@ function showquestioncontactlinks($qn) {
 
 //shows top info bar for seq mode
 function seqshowqinfobar($qn,$toshow) {
-	global $qi,$questions,$attempts,$testsettings,$scores,$bestscores,$noindivscores,$showeachscore,$imasroot,$CFG,$sessiondata,$seeds,$isreview;
+	global $qi,$questions,$attempts,$testsettings,$scores,$bestscores,$noindivscores,$showeachscore,$imasroot,$CFG,$seeds,$isreview;
 	$reattemptsremain = hasreattempts($qn);
 	$pointsremaining = getremainingpossible($qn,$qi[$questions[$qn]],$testsettings,$attempts[$qn]);
 	$qavail = false;
@@ -1068,7 +1068,7 @@ function startoftestmessage($perfectscore,$hasreattempts,$allowregen,$noindivsco
 }
 
 function embedshowicon($qn) {
-	global $qi,$questions,$attempts,$testsettings,$scores,$bestscores,$noindivscores,$showeachscore,$imasroot,$CFG,$sessiondata,$seeds,$isreview;
+	global $qi,$questions,$attempts,$testsettings,$scores,$bestscores,$noindivscores,$showeachscore,$imasroot,$CFG,$seeds,$isreview;
 	$reattemptsremain = hasreattempts($qn);
 	$pointsremaining = getremainingpossible($qn,$qi[$questions[$qn]],$testsettings,$attempts[$qn]);
 	$qavail = false;
@@ -1132,8 +1132,8 @@ function embedshowicon($qn) {
 // like on the password entry page, latepass confirmation, etc.
 // this is light breadcrumbs rather than full
 function showEnterAssessmentBreadcrumbs($aname) {
-	global $isdiag, $sessiondata, $breadcrumbbase, $coursename;
-	if (!$isdiag && strpos($_SERVER['HTTP_REFERER'],'treereader')===false && !(isset($sessiondata['ltiitemtype']) && $sessiondata['ltiitemtype']==0)) {
+	global $isdiag, $breadcrumbbase, $coursename;
+	if (!$isdiag && strpos($_SERVER['HTTP_REFERER'],'treereader')===false && !(isset($_SESSION['ltiitemtype']) && $_SESSION['ltiitemtype']==0)) {
 		echo "<div class=breadcrumb>$breadcrumbbase <a href=\"../course/course.php?cid=".Sanitize::courseId($_GET['cid'])."\">".Sanitize::encodeStringForDisplay($coursename)."</a> ";
 		echo '&gt; ', Sanitize::encodeStringForDisplay($aname), '</div>';
 	}
diff --git a/bltilaunch.php b/bltilaunch.php
index 93c8b03c9f..433b674c00 100644
--- a/bltilaunch.php
+++ b/bltilaunch.php
@@ -126,23 +126,18 @@ function verify112relaunch() {
 
 //check to see if accessiblity page is posting back
 if (isset($_GET['launch'])) {
-	$stm = $DBH->prepare('SELECT sessiondata,userid FROM imas_sessions WHERE sessionid=:sessionid');
-	$stm->execute(array(':sessionid'=>$sessionid));
-	if ($stm->rowCount()==0) {
+	if (empty($_SESSION['userid'])) {
 		reporterror("No authorized session exists. This is most likely caused by your browser blocking third-party cookies.  Please adjust your browser settings and try again.");
 	}
-	list($enc,$userid) = $stm->fetch(PDO::FETCH_NUM);
-	$sessiondata = unserialize(base64_decode($enc));
+	$userid = $_SESSION['userid'];
 
 	if (isset($_POST['tzname'])) {
-		$sessiondata['logintzname'] = $_POST['tzname'];
+		$_SESSION['logintzname'] = $_POST['tzname'];
 	}
 
 	require_once("$curdir/includes/userprefs.php");
 	generateuserprefs();
 
-	$enc = base64_encode(serialize($sessiondata));
-
 	$stm = $DBH->prepare('UPDATE imas_users SET lastaccess=:lastaccess WHERE id=:id');
 	$stm->execute(array(':lastaccess'=>$now, ':id'=>$userid));
 
@@ -151,12 +146,12 @@ function verify112relaunch() {
 	} else {
 		$tzname = '';
 	}
-	$stm = $DBH->prepare('UPDATE imas_sessions SET sessiondata=:sessiondata,tzoffset=:tzoffset,tzname=:tzname WHERE sessionid=:sessionid');
-	$stm->execute(array(':sessiondata'=>$enc, ':tzoffset'=>$_POST['tzoffset'], ':tzname'=>$tzname, ':sessionid'=>$sessionid));
+	$_SESSION['tzoffset'] = $_POST['tzoffset'];
+	$_SESSION['tzname'] = $tzname;
 
 	$keyparts = explode('_',$_SESSION['ltikey']);
-	if ($sessiondata['ltiitemtype']==0) { //is aid
-		$aid = $sessiondata['ltiitemid'];
+	if ($_SESSION['ltiitemtype']==0) { //is aid
+		$aid = $_SESSION['ltiitemid'];
 		$stm = $DBH->prepare('SELECT courseid,ver FROM imas_assessments WHERE id=:aid');
 		$stm->execute(array(':aid'=>$aid));
 		list($cid,$aver) = $stm->fetch(PDO::FETCH_NUM);
@@ -164,7 +159,7 @@ function verify112relaunch() {
 			$diaginfo = "(Debug info: 1-$aid)";
 			reporterror("This assignment does not appear to exist anymore. $diaginfo");
 		}
-		if ($sessiondata['ltirole'] == 'learner') {
+		if ($_SESSION['ltirole'] == 'learner') {
 			$stm = $DBH->prepare('INSERT INTO imas_content_track (userid,courseid,type,typeid,viewtime,info) VALUES (:userid,:courseid,\'assesslti\',:typeid,:viewtime,\'\')');
 			$stm->execute(array(':userid'=>$userid,':courseid'=>$cid,':typeid'=>$aid,':viewtime'=>$now));
 		}
@@ -173,27 +168,25 @@ function verify112relaunch() {
 		} else {
 			header('Location: ' . $GLOBALS['basesiteurl'] . "/assessment/showtest.php?cid=$cid&id=$aid");
 		}
-	} else if ($sessiondata['ltiitemtype']==1) { //is cid
-		$cid = $sessiondata['ltiitemid'];
+	} else if ($_SESSION['ltiitemtype']==1) { //is cid
+		$cid = $_SESSION['ltiitemid'];
 		header('Location: ' . $GLOBALS['basesiteurl'] . "/course/course.php?cid=$cid");
-	} else if ($sessiondata['ltiitemtype']==2) {
+	} else if ($_SESSION['ltiitemtype']==2) {
 		header('Location: ' . $GLOBALS['basesiteurl'] . "/index.php");
-	} else if ($sessiondata['ltiitemtype']==3) {
-		$cid = $sessiondata['ltiitemid'][2];
-		$folder = $sessiondata['ltiitemid'][1];
+	} else if ($_SESSION['ltiitemtype']==3) {
+		$cid = $_SESSION['ltiitemid'][2];
+		$folder = $_SESSION['ltiitemid'][1];
 		header('Location: ' . $GLOBALS['basesiteurl'] . "/course/course.php?cid=$cid&folder=".$folder);
 	} else { //will only be instructors hitting this option
 		header('Location: ' . $GLOBALS['basesiteurl'] . "/ltihome.php");
 	}
 	exit;
 } else if (isset($_GET['accessibility'])) {
-	$stm = $DBH->prepare('SELECT sessiondata,userid FROM imas_sessions WHERE sessionid=:sessionid');
-	$stm->execute(array(':sessionid'=>$sessionid));
-	if ($stm->rowCount()==0) {
+	if (empty($_SESSION['userid'])) {
 		reporterror("No authorized session exists. This is most likely caused by your browser blocking third-party cookies.  Please adjust your browser settings and try again.");
 	}
-	list($enc,$userid) = $stm->fetch(PDO::FETCH_NUM);
-	$sessiondata = unserialize(base64_decode($enc));
+	$userid = $_SESSION['userid'];
+
 	//time to output a postback to capture tzname
 	$pref = 0;
 	$flexwidth = true;
@@ -202,15 +195,15 @@ function verify112relaunch() {
 	require("header.php");
 	echo "<h3>Connecting to $installname</h3>";
 	echo "<form id=\"postbackform\" method=\"post\" action=\"" . $imasroot . "/bltilaunch.php?launch=true\" ";
-	if ($sessiondata['ltiitemtype']==0 && $sessiondata['ltitlwrds'] != '') {
+	if ($_SESSION['ltiitemtype']==0 && $_SESSION['ltitlwrds'] != '') {
 		echo "onsubmit='return confirm(\"This assessment has a time limit of "
-            .Sanitize::encodeStringForJavascript($sessiondata['ltitlwrds'])
+            .Sanitize::encodeStringForJavascript($_SESSION['ltitlwrds'])
             .".  Click OK to start or continue working on the assessment.\")' >";
-		echo "<p class=noticetext>This assessment has a time limit of ".Sanitize::encodeStringForDisplay($sessiondata['ltitlwrds']).".</p>";
+		echo "<p class=noticetext>This assessment has a time limit of ".Sanitize::encodeStringForDisplay($_SESSION['ltitlwrds']).".</p>";
 		echo '<div class="textright"><input type="submit" value="Continue" /></div>';
 
-		if ($sessiondata['lticanuselatepass']) {
-			echo "<p><a href=\"$imasroot/course/redeemlatepass.php?from=ltitimelimit&cid=".Sanitize::encodeUrlParam($sessiondata['ltiitemcid'])."&aid=".Sanitize::encodeUrlParam($sessiondata['ltiitemid'])."\">", _('Use LatePass'), "</a></p>";
+		if ($_SESSION['lticanuselatepass']) {
+			echo "<p><a href=\"$imasroot/course/redeemlatepass.php?from=ltitimelimit&cid=".Sanitize::encodeUrlParam($_SESSION['ltiitemcid'])."&aid=".Sanitize::encodeUrlParam($_SESSION['ltiitemid'])."\">", _('Use LatePass'), "</a></p>";
 		}
 
 	} else {
@@ -228,7 +221,7 @@ function verify112relaunch() {
 			var tz = jstz.determine();
 			document.getElementById("tzname").value = tz.name();
 			<?php
-			if ($sessiondata['ltiitemtype']!=0 || $sessiondata['ltitlwrds'] == '') {
+			if ($_SESSION['ltiitemtype']!=0 || $_SESSION['ltitlwrds'] == '') {
 				//auto submit the form
 				echo 'document.getElementById("postbackform").submit();';
 			}
@@ -476,13 +469,7 @@ function verify112relaunch() {
 	if (isset($_SESSION['userid'])) {
 		$userid = $_SESSION['userid'];
 	} else {
-		$stm = $DBH->prepare('SELECT userid FROM imas_sessions WHERE sessionid=:sessionid');
-		$stm->execute(array(':sessionid'=>$sessionid));
-		if ($stm->rowCount()==0) {
-			reporterror("No session recorded");
-		} else {
-			$userid = $stm->fetchColumn(0); //DB mysql_result($result,0,0);
-		}
+		reporterror("No session recorded");
 	}
 
 	$keyparts = explode('_',$_SESSION['ltikey']);
@@ -1514,24 +1501,21 @@ function findfolder($items,$n,$loc) {
 //check if db session entry exists for session
 $promptforsettings = false;
 $SESS = $_SESSION;
-$stm = $DBH->prepare("SELECT userid,sessiondata FROM imas_sessions WHERE sessionid=:sessionid");
-$stm->execute(array(':sessionid'=>$sessionid));
-if ($stm->rowCount()>0) {	//check that same userid, and that we're not jumping on someone else's
+if (!empty($_SESSION['userid'])) {	//check that same userid, and that we're not jumping on someone else's
 	//existing session.  If so, then we need to create a new session.
 	//also, if session did not have ltiuserid already, must be jumping non-LTI to LTI
-	$row = $stm->fetch(PDO::FETCH_ASSOC);
-	if ($row['userid']!=$userid || !$atstarthasltiuserid) {
+
+	if ($_SESSION['userid'] != $userid || !$atstarthasltiuserid) {
 		session_destroy();
 		session_start();
 		session_regenerate_id();
 		$sessionid = session_id();
 		//setcookie(session_name(),session_id(),0,'','',false,true );
-		$sessiondata = array();
+		$_SESSION = array();
 		$createnewsession = true;
 	} else {
 		//already have session.  Don't need to create one
-		$sessiondata = unserialize(base64_decode($row['sessiondata']));
-		if (!isset($sessiondata['mathdisp'])) {
+		if (!isset($_SESSION['mathdisp'])) {
 			//for some reason settings are not set, so reload from user prefs
 			require_once("$curdir/includes/userprefs.php");
 			generateuserprefs(true);
@@ -1539,7 +1523,7 @@ function findfolder($items,$n,$loc) {
 		$createnewsession = false;
 	}
 } else {
-	$sessiondata = array();
+	$_SESSION = array();
 	$createnewsession = true;
 }
 
@@ -1576,12 +1560,12 @@ function findfolder($items,$n,$loc) {
 	}
 	//this sessiondata tells WAMAP to limit access to the specific resouce requested
 
-	$sessiondata['ltitlwrds'] = $tlwrds;
-	$sessiondata['ltiitemtype']=0;
-	$sessiondata['ltiitemver']=$aver;
-	$sessiondata['ltiitemid'] = $aid;
+	$_SESSION['ltitlwrds'] = $tlwrds;
+	$_SESSION['ltiitemtype']=0;
+	$_SESSION['ltiitemver']=$aver;
+	$_SESSION['ltiitemid'] = $aid;
 
-	$sessiondata['lticanuselatepass'] = false;
+	$_SESSION['lticanuselatepass'] = false;
 	if ($_SESSION['ltirole']!='instructor' && $line['allowlate']>0) {
 		$stm = $DBH->prepare("SELECT latepasshrs FROM imas_courses WHERE id=:id");
 		$stm->execute(array(':id'=>$cid));
@@ -1589,56 +1573,50 @@ function findfolder($items,$n,$loc) {
 		require_once("./includes/exceptionfuncs.php");
 		$exceptionfuncs = new ExceptionFuncs($userid, $cid, true, $latepasses, $latepasshrs);
 		list($useexception, $canundolatepass, $canuselatepass) = $exceptionfuncs->getCanUseAssessException($exceptionrow, $line);
-		$sessiondata['lticanuselatepass'] = $canuselatepass;
+		$_SESSION['lticanuselatepass'] = $canuselatepass;
 	}
 
 }  else if ($linkparts[0]=='cid') { //is cid
-	$sessiondata['ltiitemtype']=1;
-	$sessiondata['ltiitemid'] = $cid;
+	$_SESSION['ltiitemtype']=1;
+	$_SESSION['ltiitemid'] = $cid;
 } else if ($linkparts[0]=='folder') { //is folder content view
-	$sessiondata['ltiitemtype']=3;
-	$sessiondata['ltiitemid'] = array($linkparts[2],$linkparts[3],$cid);
+	$_SESSION['ltiitemtype']=3;
+	$_SESSION['ltiitemid'] = array($linkparts[2],$linkparts[3],$cid);
 } else {
-	$sessiondata['ltiitemtype']=-1;
+	$_SESSION['ltiitemtype']=-1;
 }
-$sessiondata['ltiorg'] = $SESS['ltiorg'];
-$sessiondata['ltirole'] = $SESS['ltirole'];
-$sessiondata['lti_context_id']  = $SESS['lti_context_id'];
-$sessiondata['lti_resource_link_id']  = $SESS['lti_resource_link_id'];
+$_SESSION['ltiorg'] = $SESS['ltiorg'];
+$_SESSION['ltirole'] = $SESS['ltirole'];
+$_SESSION['lti_context_id']  = $SESS['lti_context_id'];
+$_SESSION['lti_resource_link_id']  = $SESS['lti_resource_link_id'];
 if ($linkparts[0]=='aid') {
-	$sessiondata['lti_lis_result_sourcedid'.$aid]  = $SESS['lti_lis_result_sourcedid'];
+	$_SESSION['lti_lis_result_sourcedid'.$aid]  = $SESS['lti_lis_result_sourcedid'];
 }
-$sessiondata['lti_outcomeurl']  = $SESS['lti_outcomeurl'];
-$sessiondata['lti_context_label'] = $SESS['lti_context_label'];
-$sessiondata['lti_launch_get'] = $SESS['lti_launch_get'];
-$sessiondata['lti_key'] = $SESS['lti_key'];
-$sessiondata['lti_keytype'] = $SESS['lti_keytype'];
-$sessiondata['lti_keylookup'] = $SESS['ltilookup'];
-$sessiondata['lti_origkey'] = $SESS['ltiorigkey'];
+$_SESSION['lti_outcomeurl']  = $SESS['lti_outcomeurl'];
+$_SESSION['lti_context_label'] = $SESS['lti_context_label'];
+$_SESSION['lti_launch_get'] = $SESS['lti_launch_get'];
+$_SESSION['lti_key'] = $SESS['lti_key'];
+$_SESSION['lti_keytype'] = $SESS['lti_keytype'];
+$_SESSION['lti_keylookup'] = $SESS['ltilookup'];
+$_SESSION['lti_origkey'] = $SESS['ltiorigkey'];
 if (isset($SESS['selection_return'])) {
-	$sessiondata['lti_selection_return'] = $SESS['selection_return'];
-	$sessiondata['lti_selection_targets'] = $SESS['selection_targets'];
-	$sessiondata['lti_selection_return_format'] = $SESS['selection_return_format'];
-	$sessiondata['lti_selection_type'] = $SESS['selection_type'];
-	$sessiondata['lti_selection_data'] = $SESS['selection_data'];
+	$_SESSION['lti_selection_return'] = $SESS['selection_return'];
+	$_SESSION['lti_selection_targets'] = $SESS['selection_targets'];
+	$_SESSION['lti_selection_return_format'] = $SESS['selection_return_format'];
+	$_SESSION['lti_selection_type'] = $SESS['selection_type'];
+	$_SESSION['lti_selection_data'] = $SESS['selection_data'];
 }
 
 if (isset($setstuviewon) && $setstuviewon==true) {
-	$sessiondata['stuview'] = 0;
+	$_SESSION['stuview'] = 0;
 }
 
 if ($_SESSION['lti_keytype']=='gc') {
-	$sessiondata['lti_launch_get']['cid'] = $linkparts[1];
+	$_SESSION['lti_launch_get']['cid'] = $linkparts[1];
 }
 
-$enc = base64_encode(serialize($sessiondata));
-if ($createnewsession) {
-	$stm = $DBH->prepare("INSERT INTO imas_sessions (sessionid,userid,sessiondata,time) VALUES (:sessionid, :userid, :sessiondata, :time)");
-	$stm->execute(array(':sessionid'=>$sessionid, ':userid'=>$userid, ':sessiondata'=>$enc, ':time'=>$now));
-} else {
-	$stm = $DBH->prepare("UPDATE imas_sessions SET sessiondata=:sessiondata,userid=:userid WHERE sessionid=:sessionid");
-	$stm->execute(array(':sessiondata'=>$enc, ':userid'=>$userid, ':sessionid'=>$sessionid));
-}
+$_SESSION['userid'] = $userid;
+$_SESSION['time'] = $now;
 
 if (!$promptforsettings && !$createnewsession && !($linkparts[0]=='aid' && $tlwrds != '')) {
 
@@ -1648,7 +1626,7 @@ function findfolder($items,$n,$loc) {
 	$stm->execute(array(':lastaccess'=>$now, ':id'=>$userid));
 
 	if ($linkparts[0]=='aid') { //is aid
-		if ($sessiondata['ltirole'] == 'learner') {
+		if ($_SESSION['ltirole'] == 'learner') {
 			$stm = $DBH->prepare("INSERT INTO imas_content_track (userid,courseid,type,typeid,viewtime,info) VALUES (:userid, :courseid, :type, :typeid, :viewtime, :info)");
 			$stm->execute(array(':userid'=>$userid, ':courseid'=>$cid, ':type'=>'assesslti', ':typeid'=>$aid, ':viewtime'=>$now, ':info'=>''));
 		}
@@ -1682,23 +1660,18 @@ function findfolder($items,$n,$loc) {
 
 //check to see if accessiblity page is posting back
 if (isset($_GET['launch'])) {
-	$stm = $DBH->prepare("SELECT sessiondata,userid FROM imas_sessions WHERE sessionid=:sessionid");
-	$stm->execute(array(':sessionid'=>$sessionid));
-	if ($stm->rowCount()==0) {
+	if (empty($_SESSION['userid'])) {
 		reporterror("No authorized session exists. This is most likely caused by your browser blocking third-party cookies.  Please adjust your browser settings and try again.");
 	}
-	list($enc,$userid) = $stm->fetch(PDO::FETCH_NUM);
-	$sessiondata = unserialize(base64_decode($enc));
+	$userid = $_SESSION['userid'];
 
 	if (isset($_POST['tzname'])) {
-		$sessiondata['logintzname'] = $_POST['tzname'];
+		$_SESSION['logintzname'] = $_POST['tzname'];
 	}
 
 	require_once("$curdir/includes/userprefs.php");
 	generateuserprefs();
 
-	$enc = base64_encode(serialize($sessiondata));
-
 	$now = time();
 	$stm = $DBH->prepare("UPDATE imas_users SET lastaccess=:lastaccess WHERE id=:id");
 	$stm->execute(array(':lastaccess'=>$now, ':id'=>$userid));
@@ -1708,12 +1681,12 @@ function findfolder($items,$n,$loc) {
 	} else {
 		$tzname = '';
 	}
-	$stm = $DBH->prepare("UPDATE imas_sessions SET sessiondata=:sessiondata,tzoffset=:tzoffset,tzname=:tzname WHERE sessionid=:sessionid");
-	$stm->execute(array(':sessiondata'=>$enc, ':tzoffset'=>$_POST['tzoffset'], ':tzname'=>$tzname, ':sessionid'=>$sessionid));
+	$_SESSION['tzoffset'] = $_POST['tzoffset'];
+	$_SESSION['tzname'] = $tzname;
 
 	$keyparts = explode('_',$_SESSION['ltikey']);
-	if ($sessiondata['ltiitemtype']==0) { //is aid
-		$aid = $sessiondata['ltiitemid'];
+	if ($_SESSION['ltiitemtype']==0) { //is aid
+		$aid = $_SESSION['ltiitemid'];
 		$stm = $DBH->prepare("SELECT courseid,ver FROM imas_assessments WHERE id=:id");
 		$stm->execute(array(':id'=>$aid));
 		list($cid, $aver) = $stm->fetch(PDO::FETCH_NUM);
@@ -1721,7 +1694,7 @@ function findfolder($items,$n,$loc) {
 			$diaginfo = "(Debug info: 4-$aid)";
 			reporterror("This assignment does not appear to exist anymore. $diaginfo");
 		}
-		if ($sessiondata['ltirole'] == 'learner') {
+		if ($_SESSION['ltirole'] == 'learner') {
 			$stm = $DBH->prepare("INSERT INTO imas_content_track (userid,courseid,type,typeid,viewtime,info) VALUES (:userid, :courseid, :type, :typeid, :viewtime, :info)");
 			$stm->execute(array(':userid'=>$userid, ':courseid'=>$cid, ':type'=>'assesslti', ':typeid'=>$aid, ':viewtime'=>$now, ':info'=>''));
 		}
@@ -1730,27 +1703,25 @@ function findfolder($items,$n,$loc) {
 		} else {
 			header('Location: ' . $GLOBALS['basesiteurl'] . "/assessment/showtest.php?cid=$cid&id=$aid");
 		}
-	} else if ($sessiondata['ltiitemtype']==1) { //is cid
-		$cid = $sessiondata['ltiitemid'];
+	} else if ($_SESSION['ltiitemtype']==1) { //is cid
+		$cid = $_SESSION['ltiitemid'];
 		header('Location: ' . $GLOBALS['basesiteurl'] . "/course/course.php?cid=$cid");
-	} else if ($sessiondata['ltiitemtype']==2) {
+	} else if ($_SESSION['ltiitemtype']==2) {
 		header('Location: ' . $GLOBALS['basesiteurl'] . "/index.php");
-	} else if ($sessiondata['ltiitemtype']==3) {
-		$cid = $sessiondata['ltiitemid'][2];
-		$folder = $sessiondata['ltiitemid'][1];
+	} else if ($_SESSION['ltiitemtype']==3) {
+		$cid = $_SESSION['ltiitemid'][2];
+		$folder = $_SESSION['ltiitemid'][1];
 		header('Location: ' . $GLOBALS['basesiteurl'] . "/course/course.php?cid=$cid&folder=".$folder);
 	} else { //will only be instructors hitting this option
 		header('Location: ' . $GLOBALS['basesiteurl'] . "/ltihome.php");
 	}
 	exit;
 } else if (isset($_GET['accessibility'])) {
-	$stm = $DBH->prepare("SELECT sessiondata,userid FROM imas_sessions WHERE sessionid=:sessionid");
-	$stm->execute(array(':sessionid'=>$sessionid));
-	if ($stm->rowCount()==0) {
+	if (empty($_SESSION['userid'])) {
 		reporterror("No authorized session exists. This is most likely caused by your browser blocking third-party cookies.  Please adjust your browser settings and try again.");
 	}
-	list($enc,$userid) = $stm->fetch(PDO::FETCH_NUM);
-	$sessiondata = unserialize(base64_decode($enc));
+	$userid = $_SESSION['userid'];
+
 	//time to output a postback to capture tzoffset and math/graph settings
 	$pref = 0;
 	/*if (isset($_COOKIE['mathgraphprefs'])) {
@@ -1769,13 +1740,13 @@ function findfolder($items,$n,$loc) {
 	require("header.php");
 	echo "<h3>Connecting to $installname</h3>";
 	echo "<form id=\"postbackform\" method=\"post\" action=\"".$imasroot."/bltilaunch.php?launch=true\" ";
-	if ($sessiondata['ltiitemtype']==0 && $sessiondata['ltitlwrds'] != '') {
-		echo "onsubmit='return confirm(\"This assessment has a time limit of ".Sanitize::encodeStringForDisplay($sessiondata['ltitlwrds']).".  Click OK to start or continue working on the assessment.\")' >";
-		echo "<p class=noticetext>This assessment has a time limit of ".Sanitize::encodeStringForDisplay($sessiondata['ltitlwrds']).".</p>";
+	if ($_SESSION['ltiitemtype']==0 && $_SESSION['ltitlwrds'] != '') {
+		echo "onsubmit='return confirm(\"This assessment has a time limit of ".Sanitize::encodeStringForDisplay($_SESSION['ltitlwrds']).".  Click OK to start or continue working on the assessment.\")' >";
+		echo "<p class=noticetext>This assessment has a time limit of ".Sanitize::encodeStringForDisplay($_SESSION['ltitlwrds']).".</p>";
 		echo '<div class="textright"><input type="submit" value="Continue" /></div>';
 
-		if ($sessiondata['lticanuselatepass']) {
-			echo "<p><a href=\"$imasroot/course/redeemlatepass.php?from=ltitimelimit&cid=".Sanitize::encodeUrlParam($sessiondata['ltiitemcid'])."&aid=".Sanitize::encodeUrlParam($sessiondata['ltiitemid'])."\">", _('Use LatePass'), "</a></p>";
+		if ($_SESSION['lticanuselatepass']) {
+			echo "<p><a href=\"$imasroot/course/redeemlatepass.php?from=ltitimelimit&cid=".Sanitize::encodeUrlParam($_SESSION['ltiitemcid'])."&aid=".Sanitize::encodeUrlParam($_SESSION['ltiitemid'])."\">", _('Use LatePass'), "</a></p>";
 		}
 	} else {
 		echo ">";
@@ -1793,7 +1764,7 @@ function findfolder($items,$n,$loc) {
 			var tz = jstz.determine();
 			document.getElementById("tzname").value = tz.name();
 			<?php
-			if ($sessiondata['ltiitemtype']!=0 || $sessiondata['ltitlwrds'] == '') {
+			if ($_SESSION['ltiitemtype']!=0 || $_SESSION['ltitlwrds'] == '') {
 				//auto submit the form
 				echo 'document.getElementById("postbackform").submit();';
 			}
@@ -2025,12 +1996,10 @@ function findfolder($items,$n,$loc) {
 	//refreshed this page from accessibility options page so session already exists
 	// (if user_id is set, then is new LTI request, so want to pass down to OAuth)
 	//pull necessary info and continue
-	$stm = $DBH->prepare("SELECT userid FROM imas_sessions WHERE sessionid=:sessionid");
-	$stm->execute(array(':sessionid'=>$sessionid));
-	if ($stm->rowCount()==0) {
+	if (empty($_SESSION['userid'])) {
 		reporterror("No session recorded");
 	} else {
-		$userid = $stm->fetchColumn(0);
+		$userid = $_SESSION['userid'];
 	}
 
 	$keyparts = explode('_',$_SESSION['ltikey']);
@@ -2634,26 +2603,22 @@ function findfolder($items,$n,$loc) {
 
 //check if db session entry exists for session
 $promptforsettings = false;
-$SESS = $_SESSION;
-$stm = $DBH->prepare("SELECT userid,sessiondata FROM imas_sessions WHERE sessionid=:sessionid");
-$stm->execute(array(':sessionid'=>$sessionid));
-if ($stm->rowCount()>0) {
+$SESS = $_SESSION; // store values in case we need to clear existing session
+if (!empty($_SESSION['userid'])) {
 	//check that same userid, and that we're not jumping on someone else's
 	//existing session.  If so, then we need to create a new session.
 	//also, if session did not have ltiuserid already, must be jumping non-LTI to LTI
-	list($sessionuserid, $sessiondata) = $stm->fetch(PDO::FETCH_NUM);
-	if ($sessionuserid!=$userid || !$atstarthasltiuserid) {
+	if ($_SESSION['userid'] != $userid || !$atstarthasltiuserid) {
 		session_destroy();
 		session_start();
 		session_regenerate_id();
 		$sessionid = session_id();
 		//setcookie(session_name(),session_id(),0,'','',false,true );
-		$sessiondata = array();
+		$_SESSION = array();
 		$createnewsession = true;
 	} else {
 		//already have session.  Don't need to create one
-		$sessiondata = unserialize(base64_decode($sessiondata));
-		if (!isset($sessiondata['mathdisp'])) {
+		if (!isset($_SESSION['mathdisp'])) {
 			//for some reason settings are not set, so reload from user prefs
 			require_once("$curdir/includes/userprefs.php");
 			generateuserprefs(true);
@@ -2661,7 +2626,7 @@ function findfolder($items,$n,$loc) {
 		$createnewsession = false;
 	}
 } else {
-	$sessiondata = array();
+	$_SESSION = array();
 	$createnewsession = true;
 }
 
@@ -2697,12 +2662,12 @@ function findfolder($items,$n,$loc) {
 		$tlwrds = '';
 	}
 	//this sessiondata tells WAMAP to limit access to the specific resouce requested
-	$sessiondata['ltitlwrds'] = $tlwrds;
-	$sessiondata['ltiitemtype']=0;
-	$sessiondata['ltiitemver']=$aver;
-	$sessiondata['ltiitemid'] = $aid;
+	$_SESSION['ltitlwrds'] = $tlwrds;
+	$_SESSION['ltiitemtype']=0;
+	$_SESSION['ltiitemver']=$aver;
+	$_SESSION['ltiitemid'] = $aid;
 
-	$sessiondata['lticanuselatepass'] = false;
+	$_SESSION['lticanuselatepass'] = false;
 	if ($_SESSION['ltirole']!='instructor' && $line['allowlate']>0) {
 		$stm = $DBH->prepare("SELECT latepasshrs FROM imas_courses WHERE id=:id");
 		$stm->execute(array(':id'=>$cid));
@@ -2710,63 +2675,57 @@ function findfolder($items,$n,$loc) {
 		require_once("./includes/exceptionfuncs.php");
 		$exceptionfuncs = new ExceptionFuncs($userid, $cid, true, $latepasses, $latepasshrs);
 		list($useexception, $canundolatepass, $canuselatepass) = $exceptionfuncs->getCanUseAssessException($exceptionrow, $line);
-		$sessiondata['lticanuselatepass'] = $canuselatepass;
+		$_SESSION['lticanuselatepass'] = $canuselatepass;
 	}
 }  else if ($keyparts[0]=='cid') { //is cid
-	$sessiondata['ltiitemtype']=1;
-	$sessiondata['ltiitemid'] = $cid;
+	$_SESSION['ltiitemtype']=1;
+	$_SESSION['ltiitemid'] = $cid;
 } else if ($keyparts[0]=='sso') { //is sso
-	$sessiondata['ltiitemtype']=2;
+	$_SESSION['ltiitemtype']=2;
 } else if ($keyparts[0]=='folder') { //is folder content view
-	$sessiondata['ltiitemtype']=3;
-	$sessiondata['ltiitemid'] = array($keyparts[2],$keyparts[3],$cid);
+	$_SESSION['ltiitemtype']=3;
+	$_SESSION['ltiitemid'] = array($keyparts[2],$keyparts[3],$cid);
 } else {
-	$sessiondata['ltiitemtype']=-1;
+	$_SESSION['ltiitemtype']=-1;
 }
-$sessiondata['ltiorg'] = $SESS['ltiorg'];
-$sessiondata['ltirole'] = $SESS['ltirole'];
-$sessiondata['lti_context_id']  = $SESS['lti_context_id'];
-$sessiondata['lti_resource_link_id']  = $SESS['lti_resource_link_id'];
+$_SESSION['ltiorg'] = $SESS['ltiorg'];
+$_SESSION['ltirole'] = $SESS['ltirole'];
+$_SESSION['lti_context_id']  = $SESS['lti_context_id'];
+$_SESSION['lti_resource_link_id']  = $SESS['lti_resource_link_id'];
 // record it with aid for safety
 if ($keyparts[0]=='aid') {
-	$sessiondata['lti_lis_result_sourcedid'.$aid]  = $SESS['lti_lis_result_sourcedid'];
+	$_SESSION['lti_lis_result_sourcedid'.$aid]  = $SESS['lti_lis_result_sourcedid'];
 }
-$sessiondata['lti_outcomeurl']  = $SESS['lti_outcomeurl'];
-$sessiondata['lti_context_label'] = $SESS['lti_context_label'];
-$sessiondata['lti_launch_get'] = $SESS['lti_launch_get'];
-$sessiondata['lti_key'] = $SESS['lti_key'];
-$sessiondata['lti_keytype'] = $SESS['lti_keytype'];
-$sessiondata['lti_keylookup'] = $SESS['ltilookup'];
-$sessiondata['lti_origkey'] = $SESS['ltiorigkey'];
+$_SESSION['lti_outcomeurl']  = $SESS['lti_outcomeurl'];
+$_SESSION['lti_context_label'] = $SESS['lti_context_label'];
+$_SESSION['lti_launch_get'] = $SESS['lti_launch_get'];
+$_SESSION['lti_key'] = $SESS['lti_key'];
+$_SESSION['lti_keytype'] = $SESS['lti_keytype'];
+$_SESSION['lti_keylookup'] = $SESS['ltilookup'];
+$_SESSION['lti_origkey'] = $SESS['ltiorigkey'];
 if (isset($SESS['selection_return'])) {
-	$sessiondata['lti_selection_return'] = $SESS['selection_return'];
-	$sessiondata['lti_selection_targets'] = $SESS['selection_targets'];
-	$sessiondata['lti_selection_return_format'] = $SESS['selection_return_format'];
-	$sessiondata['lti_selection_type'] = $SESS['selection_type'];
-	$sessiondata['lti_selection_data'] = $SESS['selection_data'];
+	$_SESSION['lti_selection_return'] = $SESS['selection_return'];
+	$_SESSION['lti_selection_targets'] = $SESS['selection_targets'];
+	$_SESSION['lti_selection_return_format'] = $SESS['selection_return_format'];
+	$_SESSION['lti_selection_type'] = $SESS['selection_type'];
+	$_SESSION['lti_selection_data'] = $SESS['selection_data'];
 }
 
 if (isset($setstuviewon) && $setstuviewon==true) {
-	$sessiondata['stuview'] = 0;
+	$_SESSION['stuview'] = 0;
 }
 
 if ($_SESSION['lti_keytype']=='gc') {
-	$sessiondata['lti_launch_get']['cid'] = $keyparts[1];
+	$_SESSION['lti_launch_get']['cid'] = $keyparts[1];
 }
 if ($_SESSION['lti_keytype']=='cc-vf') {
-	$sessiondata['mathdisp'] = 0;
-	$sessiondata['graphdisp'] = 2;
-	$sessiondata['tzoffset'] = 0;
+	$_SESSION['mathdisp'] = 0;
+	$_SESSION['graphdisp'] = 2;
+	$_SESSION['tzoffset'] = 0;
 }
 
-$enc = base64_encode(serialize($sessiondata));
-if ($createnewsession) {
-	$stm = $DBH->prepare("INSERT INTO imas_sessions (sessionid,userid,sessiondata,time) VALUES (:sessionid, :userid, :sessiondata, :time)");
-	$stm->execute(array(':sessionid'=>$sessionid, ':userid'=>$userid, ':sessiondata'=>$enc, ':time'=>$now));
-} else {
-	$stm = $DBH->prepare("UPDATE imas_sessions SET sessiondata=:sessiondata,userid=:userid WHERE sessionid=:sessionid");
-	$stm->execute(array(':sessiondata'=>$enc, ':userid'=>$userid, ':sessionid'=>$sessionid));
-}
+$_SESSION['userid'] = $userid;
+$_SESSION['time'] = $now;
 
 if ($_SESSION['lti_keytype']=='cc-vf' || (!$promptforsettings && !$createnewsession && !($keyparts[0]=='aid' && $tlwrds != ''))) {
 	//redirect now if already have session and no timelimit
@@ -2775,7 +2734,7 @@ function findfolder($items,$n,$loc) {
 	$stm->execute(array(':lastaccess'=>$now, ':id'=>$userid));
 
 	if ($keyparts[0]=='aid') { //is aid
-		if ($sessiondata['ltirole'] == 'learner') {
+		if ($_SESSION['ltirole'] == 'learner') {
 			$query = "INSERT INTO imas_content_track (userid,courseid,type,typeid,viewtime,info) VALUES ";
 			$query .= "(:userid, :courseid, :type, :typeid, :viewtime, :info)";
 			$stm = $DBH->prepare($query);
diff --git a/checkbrowser.php b/checkbrowser.php
index dc3c54e26f..53478b0449 100644
--- a/checkbrowser.php
+++ b/checkbrowser.php
@@ -1,7 +1,7 @@
 <?php
 	require("init_without_validate.php");
-	$sessiondata['mathdisp']=1;
-	$sessiondata['graphdisp']=1;
+	$_SESSION['mathdisp']=1;
+	$_SESSION['graphdisp']=1;
 	$nologo = true;
 	require("header.php");
 	
diff --git a/course/adddrillassess.php b/course/adddrillassess.php
index 0da93d1f9f..25b0a7cc8d 100644
--- a/course/adddrillassess.php
+++ b/course/adddrillassess.php
@@ -221,45 +221,42 @@
 		$safesearch = str_replace(' and ', ' ',$safesearch);
 		$search = $safesearch;
 		$search = str_replace('"','&quot;',$search);
-		$sessiondata['lastsearch'.$cid] = $safesearch; //str_replace(" ","+",$safesearch);
+		$_SESSION['lastsearch'.$cid] = $safesearch; //str_replace(" ","+",$safesearch);
 		if (isset($_POST['searchall'])) {
 			$searchall = 1;
 		} else {
 			$searchall = 0;
 		}
-		$sessiondata['searchall'.$cid] = $searchall;
+		$_SESSION['searchall'.$cid] = $searchall;
 		if (isset($_POST['searchmine'])) {
 			$searchmine = 1;
 		} else {
 			$searchmine = 0;
 		}
-		$sessiondata['searchmine'.$cid] = $searchmine;
+		$_SESSION['searchmine'.$cid] = $searchmine;
 		if (isset($_POST['newonly'])) {
 			$newonly = 1;
 		} else {
 			$newonly = 0;
 		}
-		$sessiondata['searchnewonly'.$cid] = $newonly;
-		writesessiondata();
+		$_SESSION['searchnewonly'.$cid] = $newonly;
 	}
 	if (isset($_POST['libs'])) {
 		if ($_POST['libs']=='') {
 			$_POST['libs'] = $userdeflib;
 		}
 		$searchlibs = Sanitize::encodeStringForDisplay($_POST['libs']);
-		//$sessiondata['lastsearchlibs'] = implode(",",$searchlibs);
-		$sessiondata['lastsearchlibs'.$aid] = $searchlibs;
-		writesessiondata();
+		//$_SESSION['lastsearchlibs'] = implode(",",$searchlibs);
+		$_SESSION['lastsearchlibs'.$aid] = $searchlibs;
 	} else if (isset($_GET['listlib'])) {
 		$searchlibs = $_GET['listlib'];
-		$sessiondata['lastsearchlibs'.$aid] = $searchlibs;
+		$_SESSION['lastsearchlibs'.$aid] = $searchlibs;
 		$searchall = 0;
-		$sessiondata['searchall'.$aid] = $searchall;
-		$sessiondata['lastsearch'.$aid] = '';
+		$_SESSION['searchall'.$aid] = $searchall;
+		$_SESSION['lastsearch'.$aid] = '';
 		$searchlikes = '';
 		$search = '';
 		$safesearch = '';
-		writesessiondata();
 	}
 	$DBH->commit();
 	if (isset($_POST['save']) && $_POST['save']=='Save') {
@@ -292,13 +289,13 @@
 /*  Get data for question searching */
 //remember search
 
-if (isset($sessiondata['lastsearch'.$cid])) {
-	$safesearch = trim($sessiondata['lastsearch'.$cid]); //str_replace("+"," ",$sessiondata['lastsearch'.$cid]);
+if (isset($_SESSION['lastsearch'.$cid])) {
+	$safesearch = trim($_SESSION['lastsearch'.$cid]); //str_replace("+"," ",$_SESSION['lastsearch'.$cid]);
 	$search = $safesearch;
 	$search = str_replace('"','&quot;',$search);
-	$searchall = $sessiondata['searchall'.$cid];
-	$searchmine = $sessiondata['searchmine'.$cid];
-	$newonly = $sessiondata['searchnewonly'.$cid];
+	$searchall = $_SESSION['searchall'.$cid];
+	$searchmine = $_SESSION['searchmine'.$cid];
+	$newonly = $_SESSION['searchnewonly'.$cid];
 } else {
 	$search = '';
 	$searchall = 0;
@@ -327,9 +324,9 @@
 	}
 }
 
-if (isset($sessiondata['lastsearchlibs'.$aid])) {
-	//$searchlibs = explode(",",$sessiondata['lastsearchlibs']);
-	$searchlibs = $sessiondata['lastsearchlibs'.$aid];
+if (isset($_SESSION['lastsearchlibs'.$aid])) {
+	//$searchlibs = explode(",",$_SESSION['lastsearchlibs']);
+	$searchlibs = $_SESSION['lastsearchlibs'.$aid];
 } else {
 	$searchlibs = $userdeflib;
 }
diff --git a/course/addgrades.php b/course/addgrades.php
index d6c84fa6b2..c159f91850 100644
--- a/course/addgrades.php
+++ b/course/addgrades.php
@@ -301,8 +301,8 @@
 
 	if (isset($_GET['gbmode']) && $_GET['gbmode']!='') {
 		$gbmode = $_GET['gbmode'];
-	} else if (isset($sessiondata[$cid.'gbmode']) && !isset($_GET['refreshdef'])) {
-		$gbmode =  $sessiondata[$cid.'gbmode'];
+	} else if (isset($_SESSION[$cid.'gbmode']) && !isset($_GET['refreshdef'])) {
+		$gbmode =  $_SESSION[$cid.'gbmode'];
 	} else {
 		$stm = $DBH->prepare("SELECT defgbmode FROM imas_gbscheme WHERE courseid=:courseid");
 		$stm->execute(array(':courseid'=>$cid));
@@ -315,10 +315,9 @@
 	} else {
 		if (isset($_GET['secfilter'])) {
 			$secfilter = $_GET['secfilter'];
-			$sessiondata[$cid.'secfilter'] = $secfilter;
-			writesessiondata();
-		} else if (isset($sessiondata[$cid.'secfilter'])) {
-			$secfilter = $sessiondata[$cid.'secfilter'];
+			$_SESSION[$cid.'secfilter'] = $secfilter;
+		} else if (isset($_SESSION[$cid.'secfilter'])) {
+			$secfilter = $_SESSION[$cid.'secfilter'];
 		} else {
 			$secfilter = -1;
 		}
@@ -376,7 +375,7 @@
 		 </style>';
 	$placeinhead .= '<script type="text/javascript" src="'.$imasroot.'/javascript/rubric.js?v=113016"></script>';
 	$useeditor = "noinit";
-	if ($sessiondata['useed']!=0) {
+	if ($_SESSION['useed']!=0) {
 		$placeinhead .= '<script type="text/javascript"> initeditor("divs","fbbox",null,true);</script>';
 	}
 	require("../includes/rubric.php");
@@ -624,7 +623,7 @@ function flattenarr($ar) {
 		}
 		*/
 		echo '<div id="gradeboxes">';
-		if ($sessiondata['useed']==0) {
+		if ($_SESSION['useed']==0) {
 			echo '<input type=button value="Expand Feedback Boxes" onClick="togglefeedback(this)"/> ';
 		}
 		if ($hassection) {
@@ -635,7 +634,7 @@ function flattenarr($ar) {
 			echo "<br/><span class=form>Add/Replace to all grades:</span><span class=formright><input type=text size=3 id=\"toallgrade\" onblur=\"this.value = doonblur(this.value);\"/>";
 			echo ' <input type=button value="Add" onClick="sendtoall(0,0);"/> <input type=button value="Multiply" onclick="sendtoall(0,1)"/> <input type=button value="Replace" onclick="sendtoall(0,2)"/></span><br class="form"/>';
 			echo "<span class=form>Add/Replace to all feedback:</span><span class=formright>";
-			if ($sessiondata['useed']==0) {
+			if ($_SESSION['useed']==0) {
 				echo "<input type=text size=40 id=\"toallfeedback\" name=\"toallfeedback\"/>";
 			} else {
 				echo '<div class="fbbox" id="toallfeedback"></div>';
@@ -659,7 +658,7 @@ function flattenarr($ar) {
 			echo '<td></td>';
 		}
 		echo '<td><input type="text" id="qascore" size="3" onblur="this.value = doonblur(this.value);" onkeydown="return qaonenter(event,this);" /></td>';
-		if ($sessiondata['useed']==0) {
+		if ($_SESSION['useed']==0) {
 			echo '<td><textarea id="qafeedback" rows="1" cols="60"></textarea></td><td>';
 		} else {
 			echo '<td><div id="qafeedback" class="fbbox"></div></td><td>';
@@ -748,7 +747,7 @@ function flattenarr($ar) {
 				echo printrubriclink($rubric,$points,"score". Sanitize::onlyint($row[0]),"feedback". Sanitize::onlyint($row[0]));
 			}
 			echo "</td>";
-			if ($sessiondata['useed']==0) {
+			if ($_SESSION['useed']==0) {
 				printf('<td><textarea cols=60 rows=1 id="feedback%d" name="feedback%d">%s</textarea></td>',
 					Sanitize::encodeStringForDisplay($row[0]), Sanitize::encodeStringForDisplay($row[0]),
 					Sanitize::encodeStringForDisplay($feedback[$row[0]]));
diff --git a/course/addquestions.php b/course/addquestions.php
index a862d58cde..a2bb5f4bd8 100644
--- a/course/addquestions.php
+++ b/course/addquestions.php
@@ -47,14 +47,12 @@
 	$aver = $row['ver'];
 	$modquestion = ($aver > 1) ? 'modquestion2' : 'modquestion';
 
-	if (isset($_GET['grp'])) { $sessiondata['groupopt'.$aid] = Sanitize::onlyInt($_GET['grp']); writesessiondata();}
+	if (isset($_GET['grp'])) { $_SESSION['groupopt'.$aid] = Sanitize::onlyInt($_GET['grp']);}
 	if (isset($_GET['selfrom'])) {
-		$sessiondata['selfrom'.$aid] = Sanitize::stripHtmlTags($_GET['selfrom']);
-		writesessiondata();
+		$_SESSION['selfrom'.$aid] = Sanitize::stripHtmlTags($_GET['selfrom']);
 	} else {
-		if (!isset($sessiondata['selfrom'.$aid])) {
-			$sessiondata['selfrom'.$aid] = 'lib';
-			writesessiondata();
+		if (!isset($_SESSION['selfrom'.$aid])) {
+			$_SESSION['selfrom'.$aid] = 'lib';
 		}
 	}
 
@@ -489,8 +487,8 @@
 	}
 
 	$grp0Selected = "";
-	if (isset($sessiondata['groupopt'.$aid])) {
-		$grp = $sessiondata['groupopt'.$aid];
+	if (isset($_SESSION['groupopt'.$aid])) {
+		$grp = $_SESSION['groupopt'.$aid];
 		$grp1Selected = ($grp==1) ? " selected" : "";
 	} else {
 		$grp = 0;
@@ -642,7 +640,7 @@
 	unset($questionjsarr);
 
 	//DATA MANIPULATION FOR POTENTIAL QUESTIONS
-	if ($sessiondata['selfrom'.$aid]=='lib') { //selecting from libraries
+	if ($_SESSION['selfrom'.$aid]=='lib') { //selecting from libraries
 
 		//remember search
 		if (isset($_POST['search'])) {
@@ -650,33 +648,32 @@
 			$safesearch = str_replace(' and ', ' ',$safesearch);
 			$search = $safesearch;
 			$search = str_replace('"','&quot;',$search);
-			$sessiondata['lastsearch'.$cid] = $safesearch; ///str_replace(" ","+",$safesearch);
+			$_SESSION['lastsearch'.$cid] = $safesearch; ///str_replace(" ","+",$safesearch);
 			if (isset($_POST['searchall'])) {
 				$searchall = 1;
 			} else {
 				$searchall = 0;
 			}
-			$sessiondata['searchall'.$cid] = $searchall;
+			$_SESSION['searchall'.$cid] = $searchall;
 			if (isset($_POST['searchmine'])) {
 				$searchmine = 1;
 			} else {
 				$searchmine = 0;
 			}
-			$sessiondata['searchmine'.$cid] = $searchmine;
+			$_SESSION['searchmine'.$cid] = $searchmine;
 			if (isset($_POST['newonly'])) {
 				$newonly = 1;
 			} else {
 				$newonly = 0;
 			}
-			$sessiondata['searchnewonly'.$cid] = $newonly;
-			writesessiondata();
-		} else if (isset($sessiondata['lastsearch'.$cid])) {
-			$safesearch = trim($sessiondata['lastsearch'.$cid]); //str_replace("+"," ",$sessiondata['lastsearch'.$cid]);
+			$_SESSION['searchnewonly'.$cid] = $newonly;
+		} else if (isset($_SESSION['lastsearch'.$cid])) {
+			$safesearch = trim($_SESSION['lastsearch'.$cid]); //str_replace("+"," ",$_SESSION['lastsearch'.$cid]);
 			$search = $safesearch;
 			$search = str_replace('"','&quot;',$search);
-			$searchall = $sessiondata['searchall'.$cid];
-			$searchmine = $sessiondata['searchmine'.$cid];
-			$newonly = $sessiondata['searchnewonly'.$cid];
+			$searchall = $_SESSION['searchall'.$cid];
+			$searchmine = $_SESSION['searchmine'.$cid];
+			$newonly = $_SESSION['searchnewonly'.$cid];
 		} else {
 			$search = '';
 			$searchall = 0;
@@ -729,23 +726,21 @@
 				$_POST['libs'] = $userdeflib;
 			}
 			$searchlibs = $_POST['libs'];
-			//$sessiondata['lastsearchlibs'] = implode(",",$searchlibs);
-			$sessiondata['lastsearchlibs'.$aid] = $searchlibs;
-			writesessiondata();
+			//$_SESSION['lastsearchlibs'] = implode(",",$searchlibs);
+			$_SESSION['lastsearchlibs'.$aid] = $searchlibs;
 		} else if (isset($_GET['listlib'])) {
 			$searchlibs = $_GET['listlib'];
-			$sessiondata['lastsearchlibs'.$aid] = $searchlibs;
+			$_SESSION['lastsearchlibs'.$aid] = $searchlibs;
 			$searchall = 0;
-			$sessiondata['searchall'.$aid] = $searchall;
-			$sessiondata['lastsearch'.$aid] = '';
+			$_SESSION['searchall'.$aid] = $searchall;
+			$_SESSION['lastsearch'.$aid] = '';
 			$searchlikes = '';
 			$searchlikevals = array();
 			$search = '';
 			$safesearch = '';
-			writesessiondata();
-		}else if (isset($sessiondata['lastsearchlibs'.$aid])) {
-			//$searchlibs = explode(",",$sessiondata['lastsearchlibs']);
-			$searchlibs = $sessiondata['lastsearchlibs'.$aid];
+		}else if (isset($_SESSION['lastsearchlibs'.$aid])) {
+			//$searchlibs = explode(",",$_SESSION['lastsearchlibs']);
+			$searchlibs = $_SESSION['lastsearchlibs'.$aid];
 		} else {
 			if (isset($CFG['AMS']['guesslib']) && count($existingq)>0) {
 				$maj = count($existingq)/2;
@@ -1020,20 +1015,19 @@
 
 		}
 
-	} else if ($sessiondata['selfrom'.$aid]=='assm') { //select from assessments
+	} else if ($_SESSION['selfrom'.$aid]=='assm') { //select from assessments
 
 		if (isset($_GET['clearassmt'])) {
-			unset($sessiondata['aidstolist'.$aid]);
+			unset($_SESSION['aidstolist'.$aid]);
 		}
 		if (isset($_POST['achecked'])) {
 			if (count($_POST['achecked'])!=0) {
 				$aidstolist = $_POST['achecked'];
-				$sessiondata['aidstolist'.$aid] = $aidstolist;
-				writesessiondata();
+				$_SESSION['aidstolist'.$aid] = $aidstolist;
 			}
 		}
-		if (isset($sessiondata['aidstolist'.$aid])) { //list questions
-			$aidlist = implode(',', array_map('intval', $sessiondata['aidstolist'.$aid]));
+		if (isset($_SESSION['aidstolist'.$aid])) { //list questions
+			$aidlist = implode(',', array_map('intval', $_SESSION['aidstolist'.$aid]));
 			$stm = $DBH->query("SELECT id,name,itemorder FROM imas_assessments WHERE id IN ($aidlist)");
 			while ($row = $stm->fetch(PDO::FETCH_NUM)) {
 				$aidnames[$row[0]] = $row[1];
@@ -1046,7 +1040,7 @@
 			}
 			$x=0;
 			$page_assessmentQuestions = array();
-			foreach ($sessiondata['aidstolist'.$aid] as $aidq) {
+			foreach ($_SESSION['aidstolist'.$aid] as $aidq) {
 				$query = "SELECT imas_questions.id,imas_questionset.id,imas_questionset.description,imas_questionset.qtype,imas_questionset.ownerid,imas_questionset.userights,imas_questionset.extref,imas_users.groupid FROM imas_questionset,imas_questions,imas_users";
 				$query .= " WHERE imas_questionset.id=imas_questions.questionsetid AND imas_questionset.ownerid=imas_users.id AND imas_questions.assessmentid=:assessmentid";
 				$stm = $DBH->prepare($query);
@@ -1164,7 +1158,7 @@ function addtoassessmentlist($items) {
 
 /******* begin html output ********/
 //hack to prevent the page breaking on accessible mode
-$sessiondata['useed'] = 1;
+$_SESSION['useed'] = 1;
  require("../header.php");
 
 if ($overwriteBody==1) {
@@ -1211,7 +1205,7 @@ function addtoassessmentlist($items) {
 		echo "<img src=\"$imasroot/img/help.gif\" alt=\"Help\"/> ";
 		echo 'How do I find questions to add?</a>';
 		echo '<div id="helpwithadding" style="display:none">';
-		if ($sessiondata['selfrom'.$aid]=='lib') {
+		if ($_SESSION['selfrom'.$aid]=='lib') {
 			echo "<p>You are currently set to select questions from the question libraries.  If you would like to select questions from ";
 			echo "assessments you've already created, click the <b>Select From Assessments</b> button below</p>";
 			echo "<p>To find questions to add from the question libraries:";
@@ -1220,7 +1214,7 @@ function addtoassessmentlist($items) {
 			echo " <li>Scroll down in the library selector, and click the <b>Use Libraries</b> button</li> ";
 			echo " <li>On this page, click the <b>Search</b> button to list the questions in the libraries selected.<br/>  You can limit the listing by entering a sepecific search term in the box provided first, or leave it blank to view all questions in the chosen libraries</li>";
 			echo "</ol>";
-		} else if ($sessiondata['selfrom'.$aid]=='assm') {
+		} else if ($_SESSION['selfrom'.$aid]=='assm') {
 			echo "<p>You are currently set to select questions existing assessments.  If you would like to select questions from ";
 			echo "the question libraries, click the <b>Select From Libraries</b> button below</p>";
 			echo "<p>To find questions to add from existing assessments:";
@@ -1306,7 +1300,7 @@ function addtoassessmentlist($items) {
 //<input type=button value="Select Libraries" onClick="libselect()">
 
 	//POTENTIAL QUESTIONS
-	if ($sessiondata['selfrom'.$aid]=='lib') { //selecting from libraries
+	if ($_SESSION['selfrom'.$aid]=='lib') { //selecting from libraries
 		if (!$beentaken) {
 ?>
 
@@ -1454,7 +1448,7 @@ function addtoassessmentlist($items) {
 			}
 		}
 
-	} else if ($sessiondata['selfrom'.$aid]=='assm') { //select from assessments
+	} else if ($_SESSION['selfrom'.$aid]=='assm') { //select from assessments
 ?>
 
 	<h2>Potential Questions</h2>
@@ -1462,7 +1456,7 @@ function addtoassessmentlist($items) {
 <?php
 		if (isset($_POST['achecked']) && (count($_POST['achecked'])==0)) {
 			echo "<p>No Assessments Selected.  Select at least one assessment.</p>";
-		} elseif (isset($sessiondata['aidstolist'.$aid])) { //list questions
+		} elseif (isset($_SESSION['aidstolist'.$aid])) { //list questions
 ?>
 	<form id="selq" method=post action="addquestions.php?cid=<?php echo $cid ?>&aid=<?php echo $aid ?>&addset=true">
 
diff --git a/course/course.php b/course/course.php
index 5c2ae832b6..450ccf7529 100644
--- a/course/course.php
+++ b/course/course.php
@@ -34,13 +34,13 @@ function buildBlockLeftNav($items, $parent, &$blocklist) {
 } else { // PERMISSIONS ARE OK, PROCEED WITH PROCESSING
 	$cid = Sanitize::courseId($_GET['cid']);
 
-	if (isset($teacherid) && isset($sessiondata['sessiontestid']) && !isset($sessiondata['actas']) && $sessiondata['courseid']==$cid) {
+	if (isset($teacherid) && isset($_SESSION['sessiontestid']) && !isset($_SESSION['actas']) && $_SESSION['courseid']==$cid) {
 		//clean up coming out of an assessment
 		require_once("../includes/filehandler.php");
-		//deleteasidfilesbyquery(array('id'=>$sessiondata['sessiontestid']),1);
-		deleteasidfilesbyquery2('id',$sessiondata['sessiontestid'],null,1);
+		//deleteasidfilesbyquery(array('id'=>$_SESSION['sessiontestid']),1);
+		deleteasidfilesbyquery2('id',$_SESSION['sessiontestid'],null,1);
 		$stm = $DBH->prepare("DELETE FROM imas_assessment_sessions WHERE id=:id LIMIT 1");
-		$stm->execute(array(':id'=>$sessiondata['sessiontestid']));
+		$stm->execute(array(':id'=>$_SESSION['sessiontestid']));
 	}
 	//TODO-assessver: figure out how to delete instructor attempts for new version
 
@@ -138,31 +138,28 @@ function buildBlockLeftNav($items, $parent, &$blocklist) {
 		$tutorid = $instrPreviewId;
 	}
 
-	if ((!isset($_GET['folder']) || $_GET['folder']=='') && !isset($sessiondata['folder'.$cid])) {
+	if ((!isset($_GET['folder']) || $_GET['folder']=='') && !isset($_SESSION['folder'.$cid])) {
 		$_GET['folder'] = '0';
-		$sessiondata['folder'.$cid] = '0';
-		writesessiondata();
-	} else if ((isset($_GET['folder']) && $_GET['folder']!='') && (!isset($sessiondata['folder'.$cid]) || $sessiondata['folder'.$cid]!=$_GET['folder'])) {
-		$sessiondata['folder'.$cid] = $_GET['folder'];
-		writesessiondata();
-	} else if ((!isset($_GET['folder']) || $_GET['folder']=='') && isset($sessiondata['folder'.$cid])) {
-		$_GET['folder'] = $sessiondata['folder'.$cid];
+		$_SESSION['folder'.$cid] = '0';
+	} else if ((isset($_GET['folder']) && $_GET['folder']!='') && (!isset($_SESSION['folder'.$cid]) || $_SESSION['folder'.$cid]!=$_GET['folder'])) {
+		$_SESSION['folder'.$cid] = $_GET['folder'];
+	} else if ((!isset($_GET['folder']) || $_GET['folder']=='') && isset($_SESSION['folder'.$cid])) {
+		$_GET['folder'] = $_SESSION['folder'.$cid];
 	}
-	if (!isset($_GET['quickview']) && !isset($sessiondata['quickview'.$cid])) {
+	if (!isset($_GET['quickview']) && !isset($_SESSION['quickview'.$cid])) {
 		$quickview = false;
 	} else if (isset($_GET['quickview'])) {
 		$quickview = $_GET['quickview'];
-		$sessiondata['quickview'.$cid] = $quickview;
-		writesessiondata();
-	} else if (isset($sessiondata['quickview'.$cid])) {
-		$quickview = $sessiondata['quickview'.$cid];
+		$_SESSION['quickview'.$cid] = $quickview;
+	} else if (isset($_SESSION['quickview'.$cid])) {
+		$quickview = $_SESSION['quickview'.$cid];
 	}
 	if ($quickview=="on") {
 		$_GET['folder'] = '0';
 		//$useleftnav = false;
 	}
-	if (isset($sessiondata['ltiitemtype']) && $sessiondata['ltiitemtype']==3) { //folder view
-		if ($sessiondata['lti_keytype']!='cc-of') {
+	if (isset($_SESSION['ltiitemtype']) && $_SESSION['ltiitemtype']==3) { //folder view
+		if ($_SESSION['lti_keytype']!='cc-of') {
 			$useleftnav = false;
 		}
 		$nocoursenav = true;
@@ -225,10 +222,10 @@ function buildBlockLeftNav($items, $parent, &$blocklist) {
 
 	$curBreadcrumb = $breadcrumbbase;
 	if (isset($backtrack) && count($backtrack)>0) {
-		if (isset($sessiondata['ltiitemtype']) && $sessiondata['ltiitemtype']==3) {
+		if (isset($_SESSION['ltiitemtype']) && $_SESSION['ltiitemtype']==3) {
 			array_unshift($backtrack, array($coursename, '0'));
 			$sendcrumb = '';
-			$depth = substr_count($sessiondata['ltiitemid'][1],'-');
+			$depth = substr_count($_SESSION['ltiitemid'][1],'-');
 			for ($i=$depth;$i<count($backtrack);$i++) {
 				if ($i>$depth) {
 					$curBreadcrumb .= " &gt; ";
@@ -372,7 +369,7 @@ function buildBlockLeftNav($items, $parent, &$blocklist) {
 }
 
 $placeinhead = "<script type=\"text/javascript\" src=\"$imasroot/javascript/course.js?v=061019\"></script>";
-if (isset($tutorid) && isset($sessiondata['ltiitemtype']) && $sessiondata['ltiitemtype']==3) {
+if (isset($tutorid) && isset($_SESSION['ltiitemtype']) && $_SESSION['ltiitemtype']==3) {
 	$placeinhead .= '<script type="text/javascript">$(function(){$(".instrdates").hide();});</script>';
 }
 
@@ -445,7 +442,7 @@ function additem(blk,tb) {
 		if (isset($instrPreviewId)) {
 			echo '<span class="noticetext">', _('Instructor Preview'), '</span> ';
 		}
-		if (isset($sessiondata['ltiitemtype'])) {
+		if (isset($_SESSION['ltiitemtype'])) {
 			echo "<a href=\"#\" onclick=\"GB_show('"._('User Preferences')."','$imasroot/admin/ltiuserprefs.php?cid=$cid&greybox=true',800,'auto');return false;\" title=\""._('User Preferences')."\" aria-label=\""._('Edit User Preferences')."\">";
 			echo "<span id=\"myname\">".Sanitize::encodeStringForDisplay($userfullname)."</span>";
 			echo "<img style=\"vertical-align:top\" src=\"$imasroot/img/gears.png\" alt=\"\"/></a>";
@@ -599,7 +596,7 @@ function additem(blk,tb) {
 			echo '</p>';
 		}
 
-		if (!isset($sessiondata['ltiitemtype'])) { //don't show in LTI embed
+		if (!isset($_SESSION['ltiitemtype'])) { //don't show in LTI embed
 	?>
 			<p>
 			<a href="../actions.php?action=logout"><?php echo _('Log Out'); ?></a><br/>
diff --git a/course/courseshowitems.php b/course/courseshowitems.php
index e5c7d4271e..592e1c7feb 100644
--- a/course/courseshowitems.php
+++ b/course/courseshowitems.php
@@ -9,7 +9,7 @@
 	$addassess = 'addassessment.php';
 }
 
-if (isset ( $studentid ) && ! isset ( $sessiondata ['stuview'] )) {
+if (isset ( $studentid ) && ! isset ( $_SESSION ['stuview'] )) {
 	$exceptionfuncs = new ExceptionFuncs ( $userid, $cid, true, $studentinfo ['latepasses'], $latepasshrs );
 } else {
 	$exceptionfuncs = new ExceptionFuncs ( $userid, $cid, false );
@@ -199,7 +199,7 @@ function getWikiDD($i, $typeid, $parent, $itemid) {
 
 $itemshowdata = null;
 function showitems($items,$parent,$inpublic=false,$greyitems=0) {
-	   global $DBH,$teacherid,$tutorid,$studentid,$cid,$imasroot,$userid,$openblocks,$firstload,$sessiondata,$myrights,$courseenddate;
+	   global $DBH,$teacherid,$tutorid,$studentid,$cid,$imasroot,$userid,$openblocks,$firstload,$myrights,$courseenddate;
 	   global $itemicons,$exceptions,$latepasses,$ispublic,$studentinfo,$newpostcnts,$CFG,$latepasshrs,$toolset,$readlinkeditems;
 	   global $itemshowdata, $exceptionfuncs;
 
@@ -697,7 +697,7 @@ function showitems($items,$parent,$inpublic=false,$greyitems=0) {
 				   	   $line['summary'] = '';
 				   }
 			   }
-			   if (isset($studentid) && !isset($sessiondata['stuview'])) {
+			   if (isset($studentid) && !isset($_SESSION['stuview'])) {
 			   	   $rec = "data-base=\"assesssum-$typeid\" ";
 			   	   $line['summary'] = str_replace('<a ','<a '.$rec, $line['summary']);
 			   }
@@ -904,7 +904,7 @@ function showitems($items,$parent,$inpublic=false,$greyitems=0) {
 					if ($canundolatepass) {
 						 echo " | <a href=\"redeemlatepass.php?cid=$cid&aid=$typeid&undo=true\">", _('Un-use LatePass'), "</a>";
 					}
-				   } else if ($line['allowlate']>0 && isset($sessiondata['stuview'])) {
+				   } else if ($line['allowlate']>0 && isset($_SESSION['stuview'])) {
 					echo _(' LatePass Allowed');
 				   } else if ($line['allowlate']>0 && $canundolatepass) {
 				   	   echo " <a href=\"redeemlatepass.php?cid=$cid&aid=$typeid&undo=true\">", _('Un-use LatePass'), "</a>";
@@ -945,7 +945,7 @@ function showitems($items,$parent,$inpublic=false,$greyitems=0) {
 					}
 				   	echo '</span>';
 
-				   } else if (isset($sessiondata['stuview']) && $line['allowlate']>10 && ($now - $line['enddate'])<$latepasshrs*3600) {
+				   } else if (isset($_SESSION['stuview']) && $line['allowlate']>10 && ($now - $line['enddate'])<$latepasshrs*3600) {
 					echo _(' LatePass Allowed');
 				   }
 					 if ($line['ver']>1) {
@@ -1126,7 +1126,7 @@ function showitems($items,$parent,$inpublic=false,$greyitems=0) {
 				   	   $line['text'] = '';
 				   }
 			   }
-			   if (isset($studentid) && !isset($sessiondata['stuview'])) {
+			   if (isset($studentid) && !isset($_SESSION['stuview'])) {
 			   	   $rec = "data-base=\"inlinetext-$typeid\" ";
 			   	   $line['text'] = str_replace('<a ','<a '.$rec, $line['text']);
 			   }
@@ -1356,7 +1356,7 @@ function showitems($items,$parent,$inpublic=false,$greyitems=0) {
 				   	   $line['summary'] = '';
 				   }
 			   }
-			   if (isset($studentid) && !isset($sessiondata['stuview'])) {
+			   if (isset($studentid) && !isset($_SESSION['stuview'])) {
 			   	   $rec = "data-base=\"linkedsum-$typeid\" ";
 			   	   $line['summary'] = str_replace('<a ','<a '.$rec, $line['summary']);
 			   }
@@ -1417,7 +1417,7 @@ function showitems($items,$parent,$inpublic=false,$greyitems=0) {
 				   }
 				   $icon = 'html';
 			   }
-			   if (isset($studentid) && !isset($sessiondata['stuview'])) {
+			   if (isset($studentid) && !isset($_SESSION['stuview'])) {
 			   	   $rec = "data-base=\"linkedlink-$typeid\"";
 			   } else {
 			   	   $rec = '';
@@ -1547,7 +1547,7 @@ function showitems($items,$parent,$inpublic=false,$greyitems=0) {
 					   echo '</span>';
 				   } else
 				   if ($duedates!='') {echo "<br/>$duedates";}
-				   if ($line['allowlate']>0 && isset($sessiondata['stuview'])) {
+				   if ($line['allowlate']>0 && isset($_SESSION['stuview'])) {
 					echo _(' LatePass Allowed');
 				   } else if (!$canedit) {
 				   	if ($canuselatepassP || $canuselatepassR) {
@@ -1743,7 +1743,7 @@ function showitems($items,$parent,$inpublic=false,$greyitems=0) {
 				   if ($ispublic) {
 				   	   echo "<b><a href=\"../wikis/viewwikipublic.php?cid=$cid&id={$line['id']}\">".Sanitize::encodeStringForDisplay($line['name'])."</a></b>\n";
 				   } else {
-				   	   if (isset($studentid) && !isset($sessiondata['stuview'])) {
+				   	   if (isset($studentid) && !isset($_SESSION['stuview'])) {
 						   $rec = "data-base=\"wiki-$typeid\"";
 					   } else {
 						   $rec = '';
@@ -1974,7 +1974,7 @@ function formatdate($date) {
 
    //instructor-only tree-based quick view of full course
    function quickview($items,$parent,$showdates=false,$showlinks=true) {
-	   global $DBH,$teacherid,$cid,$imasroot,$userid,$openblocks,$firstload,$sessiondata,$hideicons,$exceptions,$latepasses,$CFG;
+	   global $DBH,$teacherid,$cid,$imasroot,$userid,$openblocks,$firstload,$hideicons,$exceptions,$latepasses,$CFG;
 	   global $itemtypes, $iteminfo, $addassess;
 	   if (!is_array($openblocks)) {$openblocks = array();}
 	   if ($parent=='0') {
diff --git a/course/drillassess.php b/course/drillassess.php
index c4fff88c26..41877f66f4 100644
--- a/course/drillassess.php
+++ b/course/drillassess.php
@@ -21,7 +21,7 @@
 $daid = intval($_GET['daid']);
 $now = time();
 
-if (isset($studentid) && !isset($sessiondata['stuview']) &&
+if (isset($studentid) && !isset($_SESSION['stuview']) &&
 	!isset($_GET['start']) && !isset($_GET['score'])
 ) {
 	$query = "INSERT INTO imas_content_track (userid,courseid,type,typeid,viewtime) VALUES ";
diff --git a/course/exception.php b/course/exception.php
index 891bb65c71..528dbea0ac 100644
--- a/course/exception.php
+++ b/course/exception.php
@@ -41,7 +41,7 @@
 }
 
 $curBreadcrumb = $breadcrumbbase;
-if (!isset($sessiondata['ltiitemtype']) || $sessiondata['ltiitemtype']!=0) {
+if (!isset($_SESSION['ltiitemtype']) || $_SESSION['ltiitemtype']!=0) {
 	$curBreadcrumb .= "<a href=\"course.php?cid=". Sanitize::courseId($_GET['cid'])."\">".Sanitize::encodeStringForDisplay($coursename)."</a> &gt; ";
 	if ($stu>0) {
 		$curBreadcrumb .= "<a href=\"gradebook.php?stu=0&cid=$cid\">Gradebook</a> ";
diff --git a/course/gb-export.php b/course/gb-export.php
index 75ae9fe47d..eea8cdda9a 100644
--- a/course/gb-export.php
+++ b/course/gb-export.php
@@ -10,8 +10,8 @@
 		exit;
 	}
 	$canviewall = true;
-	if (isset($sessiondata[$cid.'gbmode'])) {
-		$gbmode =  $sessiondata[$cid.'gbmode'];
+	if (isset($_SESSION[$cid.'gbmode'])) {
+		$gbmode =  $_SESSION[$cid.'gbmode'];
 	} else {
 		$stm = $DBH->prepare("SELECT defgbmode FROM imas_gbscheme WHERE courseid=:courseid");
 		$stm->execute(array(':courseid'=>$cid));
diff --git a/course/gb-itemanalysis.php b/course/gb-itemanalysis.php
index 62bbdec598..41451d9b75 100644
--- a/course/gb-itemanalysis.php
+++ b/course/gb-itemanalysis.php
@@ -11,8 +11,8 @@
 		echo "This page not available to students";
 		exit;
 	}
-	if (isset($sessiondata[$cid.'gbmode'])) {
-		$gbmode =  $sessiondata[$cid.'gbmode'];
+	if (isset($_SESSION[$cid.'gbmode'])) {
+		$gbmode =  $_SESSION[$cid.'gbmode'];
 	} else {
 		$stm = $DBH->prepare("SELECT defgbmode FROM imas_gbscheme WHERE courseid=:courseid");
 		$stm->execute(array(':courseid'=>$cid));
@@ -35,10 +35,9 @@
 	} else {
 		if (isset($_GET['secfilter'])) {
 			$secfilter = $_GET['secfilter'];
-			$sessiondata[$cid.'secfilter'] = $secfilter;
-			writesessiondata();
-		} else if (isset($sessiondata[$cid.'secfilter'])) {
-			$secfilter = $sessiondata[$cid.'secfilter'];
+			$_SESSION[$cid.'secfilter'] = $secfilter;
+		} else if (isset($_SESSION[$cid.'secfilter'])) {
+			$secfilter = $_SESSION[$cid.'secfilter'];
 		} else {
 			$secfilter = -1;
 		}
diff --git a/course/gb-itemanalysis2.php b/course/gb-itemanalysis2.php
index f19a776ea9..22743eb6c5 100644
--- a/course/gb-itemanalysis2.php
+++ b/course/gb-itemanalysis2.php
@@ -11,8 +11,8 @@
 		echo "This page not available to students";
 		exit;
 	}
-	if (isset($sessiondata[$cid.'gbmode'])) {
-		$gbmode =  $sessiondata[$cid.'gbmode'];
+	if (isset($_SESSION[$cid.'gbmode'])) {
+		$gbmode =  $_SESSION[$cid.'gbmode'];
 	} else {
 		$stm = $DBH->prepare("SELECT defgbmode FROM imas_gbscheme WHERE courseid=:courseid");
 		$stm->execute(array(':courseid'=>$cid));
@@ -35,10 +35,9 @@
 	} else {
 		if (isset($_GET['secfilter'])) {
 			$secfilter = $_GET['secfilter'];
-			$sessiondata[$cid.'secfilter'] = $secfilter;
-			writesessiondata();
-		} else if (isset($sessiondata[$cid.'secfilter'])) {
-			$secfilter = $sessiondata[$cid.'secfilter'];
+			$_SESSION[$cid.'secfilter'] = $secfilter;
+		} else if (isset($_SESSION[$cid.'secfilter'])) {
+			$secfilter = $_SESSION[$cid.'secfilter'];
 		} else {
 			$secfilter = -1;
 		}
diff --git a/course/gb-itemanalysisdetail.php b/course/gb-itemanalysisdetail.php
index 033441ed0b..632037ead3 100644
--- a/course/gb-itemanalysisdetail.php
+++ b/course/gb-itemanalysisdetail.php
@@ -32,10 +32,9 @@
 } else {
 	if (isset($_GET['secfilter'])) {
 		$secfilter = $_GET['secfilter'];
-		$sessiondata[$cid.'secfilter'] = $secfilter;
-		writesessiondata();
-	} else if (isset($sessiondata[$cid.'secfilter'])) {
-		$secfilter = $sessiondata[$cid.'secfilter'];
+		$_SESSION[$cid.'secfilter'] = $secfilter;
+	} else if (isset($_SESSION[$cid.'secfilter'])) {
+		$secfilter = $_SESSION[$cid.'secfilter'];
 	} else {
 		$secfilter = -1;
 	}
diff --git a/course/gb-itemanalysisdetail2.php b/course/gb-itemanalysisdetail2.php
index 1f0bf47a7f..6c3e9efe8f 100644
--- a/course/gb-itemanalysisdetail2.php
+++ b/course/gb-itemanalysisdetail2.php
@@ -32,10 +32,9 @@
 } else {
 	if (isset($_GET['secfilter'])) {
 		$secfilter = $_GET['secfilter'];
-		$sessiondata[$cid.'secfilter'] = $secfilter;
-		writesessiondata();
-	} else if (isset($sessiondata[$cid.'secfilter'])) {
-		$secfilter = $sessiondata[$cid.'secfilter'];
+		$_SESSION[$cid.'secfilter'] = $secfilter;
+	} else if (isset($_SESSION[$cid.'secfilter'])) {
+		$secfilter = $_SESSION[$cid.'secfilter'];
 	} else {
 		$secfilter = -1;
 	}
diff --git a/course/gb-testing.php b/course/gb-testing.php
index ca041853ea..c8f100c9de 100644
--- a/course/gb-testing.php
+++ b/course/gb-testing.php
@@ -21,19 +21,17 @@
 
 	if (isset($_GET['timefilter'])) {
 		$timefilter = $_GET['timefilter'];
-		$sessiondata[$cid.'timefilter'] = $timefilter;
-		writesessiondata();
-	} else if (isset($sessiondata[$cid.'timefilter'])) {
-		$timefilter = $sessiondata[$cid.'timefilter'];
+		$_SESSION[$cid.'timefilter'] = $timefilter;
+	} else if (isset($_SESSION[$cid.'timefilter'])) {
+		$timefilter = $_SESSION[$cid.'timefilter'];
 	} else {
 		$timefilter = 2;
 	}
 	if (isset($_GET['lnfilter'])) {
 		$lnfilter = trim($_GET['lnfilter']);
-		$sessiondata[$cid.'lnfilter'] = $lnfilter;
-		writesessiondata();
-	} else if (isset($sessiondata[$cid.'lnfilter'])) {
-		$lnfilter = $sessiondata[$cid.'lnfilter'];
+		$_SESSION[$cid.'lnfilter'] = $lnfilter;
+	} else if (isset($_SESSION[$cid.'lnfilter'])) {
+		$lnfilter = $_SESSION[$cid.'lnfilter'];
 	} else {
 		$lnfilter = '';
 	}
@@ -42,10 +40,9 @@
 	} else {
 		if (isset($_GET['secfilter'])) {
 			$secfilter = $_GET['secfilter'];
-			$sessiondata[$cid.'secfilter'] = $secfilter;
-			writesessiondata();
-		} else if (isset($sessiondata[$cid.'secfilter'])) {
-			$secfilter = $sessiondata[$cid.'secfilter'];
+			$_SESSION[$cid.'secfilter'] = $secfilter;
+		} else if (isset($_SESSION[$cid.'secfilter'])) {
+			$secfilter = $_SESSION[$cid.'secfilter'];
 		} else {
 			$secfilter = -1;
 		}
diff --git a/course/gb-viewasid.php b/course/gb-viewasid.php
index 966611f169..fc3c25cfad 100644
--- a/course/gb-viewasid.php
+++ b/course/gb-viewasid.php
@@ -23,8 +23,8 @@
 	}
 
 	if ($isteacher || $istutor) {
-		if (isset($sessiondata[$cid.'gbmode'])) {
-			$gbmode =  $sessiondata[$cid.'gbmode'];
+		if (isset($_SESSION[$cid.'gbmode'])) {
+			$gbmode =  $_SESSION[$cid.'gbmode'];
 		} else {
 			$stm = $DBH->prepare("SELECT defgbmode FROM imas_gbscheme WHERE courseid=:courseid");
 			$stm->execute(array(':courseid'=>$cid));
@@ -393,7 +393,7 @@
 		}
 	}
 	if (isset($_GET['forcegraphimg'])) {
-		$sessiondata['graphdisp'] = 2;
+		$_SESSION['graphdisp'] = 2;
 	}
 
 	//OUTPUTS
@@ -502,13 +502,13 @@
 			exit;
 		}
 		$useeditor='review';
-		$sessiondata['coursetheme'] = $coursetheme;
-		$sessiondata['isteacher'] = $isteacher;
+		$_SESSION['coursetheme'] = $coursetheme;
+		$_SESSION['isteacher'] = $isteacher;
 		if ($isteacher || $istutor) {
 			$placeinhead = '<script type="text/javascript" src="'.$imasroot.'/javascript/rubric.js?v=031417"></script>';
 			require("../includes/rubric.php");
 			$placeinhead .= '<script type="text/javascript" src="'.$imasroot.'/javascript/gb-scoretools.js?v=042519"></script>';
-			if ($sessiondata['useed']!=0) {
+			if ($_SESSION['useed']!=0) {
 				$placeinhead .= '<script type="text/javascript"> initeditor("divs","fbbox",null,true);</script>';
 			}
 		}
@@ -551,7 +551,7 @@
 		}
 
 		echo "<div class=breadcrumb>$breadcrumbbase ";
-		if (!isset($sessiondata['ltiitemtype']) || $sessiondata['ltiitemtype']!=0) {
+		if (!isset($_SESSION['ltiitemtype']) || $_SESSION['ltiitemtype']!=0) {
 			echo "<a href=\"course.php?cid=".Sanitize::courseId($_GET['cid'])."\">".Sanitize::encodeStringForDisplay($coursename)."</a> &gt; ";
 
 			if ($stu>0) {
@@ -959,7 +959,7 @@
 					echo '<span id="fb-'.$i.'-wrap">';
 				}
 				echo '<br/>'._('Feedback').':<br/>';
-				if ($sessiondata['useed']==0) {
+				if ($_SESSION['useed']==0) {
 					echo '<textarea id="fb-'.$i.'" name="fb-'.$i.'" class="fbbox" cols=60 rows=2>'.Sanitize::encodeStringForDisplay($feedback["Q$i"], true).'</textarea>';
 				} else {
 					echo '<div id="fb-'.$i.'" class="fbbox" cols=60 rows=2>'.Sanitize::outgoingHtml($feedback["Q$i"]).'</div>';
@@ -1093,7 +1093,7 @@
 		echo "<p></p><div class=review>Total: $total/$totalpossible</div>\n";
 		if ($canedit && !isset($_GET['lastver']) && !isset($_GET['reviewver'])) {
 			echo "<p>General feedback:<br/>";
-			if ($sessiondata['useed']==0) {
+			if ($_SESSION['useed']==0) {
 				echo "<textarea cols=60 rows=4 id=\"feedback\" name=\"feedback\" class=\"fbbox\">";
 				if (!empty($feedback["Z"])) {
 					echo Sanitize::encodeStringForDisplay($feedback["Z"]);
@@ -1110,7 +1110,7 @@
 				echo "<p>Update grade for all group members? <input type=checkbox name=\"updategroup\" checked=\"checked\" /></p>";
 			}
 			echo "<p><input type=submit value=\"Record Changed Grades\"> ";
-			if (!isset($sessiondata['ltiitemtype']) || $sessiondata['ltiitemtype']!=0) {
+			if (!isset($_SESSION['ltiitemtype']) || $_SESSION['ltiitemtype']!=0) {
 				echo "<a href=\"$backurl\">Return to GradeBook without saving</a></p>\n";
 			}
 			/*
@@ -1132,7 +1132,7 @@
 				echo Sanitize::outgoingHtml($feedback["Z"]);
 			}
 			echo "</div></p>";
-			if (!isset($sessiondata['ltiitemtype']) || $sessiondata['ltiitemtype']!=0) {
+			if (!isset($_SESSION['ltiitemtype']) || $_SESSION['ltiitemtype']!=0) {
 				echo "<p><a href=\"gradebook.php?stu=$stu&cid=$cid\">Return to GradeBook</a></p>\n";
 			}
 		}
diff --git a/course/getblockitems.php b/course/getblockitems.php
index 65e581d0ad..678d30a986 100644
--- a/course/getblockitems.php
+++ b/course/getblockitems.php
@@ -144,7 +144,7 @@
    if ($firstload) {
 	   echo "<script>document.cookie = 'openblocks-$cid=' + oblist;</script>\n";
    }
-   if (isset($tutorid) && isset($sessiondata['ltiitemtype']) && $sessiondata['ltiitemtype']==3) {
+   if (isset($tutorid) && isset($_SESSION['ltiitemtype']) && $_SESSION['ltiitemtype']==3) {
 	echo '<script type="text/javascript">$(".instrdates").hide();</script>';
    }
 
diff --git a/course/gradeallq.php b/course/gradeallq.php
index 731728ea31..a9d44e3487 100644
--- a/course/gradeallq.php
+++ b/course/gradeallq.php
@@ -16,8 +16,8 @@
 	$stu = $_GET['stu'];
 	if (isset($_GET['gbmode']) && $_GET['gbmode']!='') {
 	$gbmode = $_GET['gbmode'];
-	} else if (isset($sessiondata[$cid.'gbmode'])) {
-		$gbmode =  $sessiondata[$cid.'gbmode'];
+	} else if (isset($_SESSION[$cid.'gbmode'])) {
+		$gbmode =  $_SESSION[$cid.'gbmode'];
 	} else {
 		$stm = $DBH->prepare("SELECT defgbmode FROM imas_gbscheme WHERE courseid=:courseid");
 		$stm->execute(array(':courseid'=>$cid));
@@ -40,10 +40,9 @@
 		$secfilter = $tutorsection;
 	} else if (isset($_GET['secfilter'])) {
 		$secfilter = $_GET['secfilter'];
-		$sessiondata[$cid.'secfilter'] = $secfilter;
-		writesessiondata();
-	} else if (isset($sessiondata[$cid.'secfilter'])) {
-		$secfilter = $sessiondata[$cid.'secfilter'];
+		$_SESSION[$cid.'secfilter'] = $secfilter;
+	} else if (isset($_SESSION[$cid.'secfilter'])) {
+		$secfilter = $_SESSION[$cid.'secfilter'];
 	} else {
 		$secfilter = -1;
 	}
@@ -288,12 +287,12 @@
 		window.location = toopen;
 		}';
 	$placeinhead .= '</script>';
-	if ($sessiondata['useed']!=0) {
+	if ($_SESSION['useed']!=0) {
 		$placeinhead .= '<script type="text/javascript"> initeditor("divs","fbbox",1,true);</script>';
 	}
 	$placeinhead .= '<style type="text/css"> .fixedbottomright {position: fixed; right: 10px; bottom: 10px; z-index:10;}</style>';
 	require("../includes/rubric.php");
-	$sessiondata['coursetheme'] = $coursetheme;
+	$_SESSION['coursetheme'] = $coursetheme;
 	require("../assessment/header.php");
 	echo "<style type=\"text/css\">p.tips {	display: none;}\n .hideongradeall { display: none;} .pseudohidden {visibility:hidden;position:absolute;}</style>\n";
 	echo "<div class=breadcrumb>$breadcrumbbase <a href=\"course.php?cid=".Sanitize::courseId($_GET['cid'])."\">".Sanitize::encodeStringForDisplay($coursename)."</a> ";
@@ -668,7 +667,7 @@
 				echo '<div>';
 				echo Sanitize::outgoingHtml($feedback["Q$loc"]);
 				echo '</div>';
-			} else if ($sessiondata['useed']==0) {
+			} else if ($_SESSION['useed']==0) {
 				echo '<br/><textarea cols="60" rows="2" class="fbbox" id="fb-'.$loc.'-'.Sanitize::onlyInt($line['id']).'" name="fb-'.$loc.'-'.Sanitize::onlyInt($line['id']).'">';
 				echo Sanitize::encodeStringForDisplay($feedback["Q$loc"], true);
 				echo '</textarea>';
diff --git a/course/gradeallq2.php b/course/gradeallq2.php
index ca3cda0dc7..fd7c079b59 100644
--- a/course/gradeallq2.php
+++ b/course/gradeallq2.php
@@ -24,8 +24,8 @@
 	$stu = $_GET['stu'];
 	if (isset($_GET['gbmode']) && $_GET['gbmode']!='') {
 	$gbmode = $_GET['gbmode'];
-	} else if (isset($sessiondata[$cid.'gbmode'])) {
-		$gbmode =  $sessiondata[$cid.'gbmode'];
+	} else if (isset($_SESSION[$cid.'gbmode'])) {
+		$gbmode =  $_SESSION[$cid.'gbmode'];
 	} else {
 		$stm = $DBH->prepare("SELECT defgbmode FROM imas_gbscheme WHERE courseid=:courseid");
 		$stm->execute(array(':courseid'=>$cid));
@@ -48,10 +48,9 @@
 		$secfilter = $tutorsection;
 	} else if (isset($_GET['secfilter'])) {
 		$secfilter = $_GET['secfilter'];
-		$sessiondata[$cid.'secfilter'] = $secfilter;
-		writesessiondata();
-	} else if (isset($sessiondata[$cid.'secfilter'])) {
-		$secfilter = $sessiondata[$cid.'secfilter'];
+		$_SESSION[$cid.'secfilter'] = $secfilter;
+	} else if (isset($_SESSION[$cid.'secfilter'])) {
+		$secfilter = $_SESSION[$cid.'secfilter'];
 	} else {
 		$secfilter = -1;
 	}
@@ -295,12 +294,12 @@
 		window.location = toopen;
 		}';
 	$placeinhead .= '</script>';
-	if ($sessiondata['useed']!=0) {
+	if ($_SESSION['useed']!=0) {
 		$placeinhead .= '<script type="text/javascript"> initeditor("divs","fbbox",1,true);</script>';
 	}
 	$placeinhead .= '<style type="text/css"> .fixedbottomright {position: fixed; right: 10px; bottom: 10px; z-index:10;}</style>';
 	require("../includes/rubric.php");
-	$sessiondata['coursetheme'] = $coursetheme;
+	$_SESSION['coursetheme'] = $coursetheme;
 	require("../header.php");
 	echo "<style type=\"text/css\">p.tips {	display: none;}\n .hideongradeall { display: none;} .pseudohidden {visibility:hidden;position:absolute;}</style>\n";
 	echo "<div class=breadcrumb>$breadcrumbbase <a href=\"course.php?cid=".Sanitize::courseId($_GET['cid'])."\">".Sanitize::encodeStringForDisplay($coursename)."</a> ";
@@ -575,7 +574,7 @@
 				echo '<div>';
 				echo Sanitize::outgoingHtml($qdata['feedback']);
 				echo '</div>';
-			} else if ($sessiondata['useed']==0) {
+			} else if ($_SESSION['useed']==0) {
 				echo '<br/><textarea cols="60" rows="2" class="fbbox" id="fb-'.$loc.'-'.Sanitize::onlyInt($line['userid']).'" name="fb-'.$loc.'-'.Sanitize::onlyInt($line['userid']).'">';
 				echo Sanitize::encodeStringForDisplay($qdata['feedback'], true);
 				echo '</textarea>';
diff --git a/course/gradebook.php b/course/gradebook.php
index cc09df7d9d..26cc4b8e88 100644
--- a/course/gradebook.php
+++ b/course/gradebook.php
@@ -39,20 +39,18 @@
 if ($canviewall) {
 	if (isset($_GET['gbmode']) && $_GET['gbmode']!='') {
 		$gbmode = $_GET['gbmode'];
-		$sessiondata[$cid.'gbmode'] = $gbmode;
-		writesessiondata();
+		$_SESSION[$cid.'gbmode'] = $gbmode;
 		if (isset($_GET['setgbmodeonly'])) {
 			echo "DONE";
 			exit;
 		}
-	} else if (isset($sessiondata[$cid.'gbmode']) && !isset($_GET['refreshdef'])) {
-		$gbmode =  $sessiondata[$cid.'gbmode'];
+	} else if (isset($_SESSION[$cid.'gbmode']) && !isset($_GET['refreshdef'])) {
+		$gbmode =  $_SESSION[$cid.'gbmode'];
 	} else {
 		$stm = $DBH->prepare("SELECT defgbmode FROM imas_gbscheme WHERE courseid=:courseid");
 		$stm->execute(array(':courseid'=>$cid));
 		$gbmode = $stm->fetchColumn(0);
-		$sessiondata[$cid.'gbmode'] = $gbmode;
-		writesessiondata();
+		$_SESSION[$cid.'gbmode'] = $gbmode;
 	}
 	if (isset($_COOKIE["colorize-$cid"]) && !isset($_GET['refreshdef'])) {
 		$colorize = $_COOKIE["colorize-$cid"];
@@ -64,10 +62,9 @@
 	}
 	if (isset($_GET['catfilter'])) {
 		$catfilter = $_GET['catfilter'];
-		$sessiondata[$cid.'catfilter'] = $catfilter;
-		writesessiondata();
-	} else if (isset($sessiondata[$cid.'catfilter'])) {
-		$catfilter = $sessiondata[$cid.'catfilter'];
+		$_SESSION[$cid.'catfilter'] = $catfilter;
+	} else if (isset($_SESSION[$cid.'catfilter'])) {
+		$catfilter = $_SESSION[$cid.'catfilter'];
 	} else {
 		$catfilter = -1;
 	}
@@ -76,27 +73,24 @@
 	} else {
 		if (isset($_GET['secfilter'])) {
 			$secfilter = $_GET['secfilter'];
-			$sessiondata[$cid.'secfilter'] = $secfilter;
-			writesessiondata();
-		} else if (isset($sessiondata[$cid.'secfilter'])) {
-			$secfilter = $sessiondata[$cid.'secfilter'];
+			$_SESSION[$cid.'secfilter'] = $secfilter;
+		} else if (isset($_SESSION[$cid.'secfilter'])) {
+			$secfilter = $_SESSION[$cid.'secfilter'];
 		} else {
 			$secfilter = -1;
 		}
 	}
-	if (isset($_GET['refreshdef']) && isset($sessiondata[$cid.'catcollapse'])) {
-		unset($sessiondata[$cid.'catcollapse']);
-		writesessiondata();
+	if (isset($_GET['refreshdef']) && isset($_SESSION[$cid.'catcollapse'])) {
+		unset($_SESSION[$cid.'catcollapse']);
 	}
-	if (isset($sessiondata[$cid.'catcollapse'])) {
-		$overridecollapse = $sessiondata[$cid.'catcollapse'];
+	if (isset($_SESSION[$cid.'catcollapse'])) {
+		$overridecollapse = $_SESSION[$cid.'catcollapse'];
 	} else {
 		$overridecollapse = array();
 	}
 	if (isset($_GET['catcollapse'])) {
 		$overridecollapse[$_GET['cat']] = $_GET['catcollapse'];
-		$sessiondata[$cid.'catcollapse'] = $overridecollapse;
-		writesessiondata();
+		$_SESSION[$cid.'catcollapse'] = $overridecollapse;
 	}
 
 	//Gbmode : Links NC Dates
diff --git a/course/isolateassessgrade.php b/course/isolateassessgrade.php
index e28907445c..5b22079c08 100644
--- a/course/isolateassessgrade.php
+++ b/course/isolateassessgrade.php
@@ -37,8 +37,8 @@
 
 	if (isset($_GET['gbmode']) && $_GET['gbmode']!='') {
 		$gbmode = $_GET['gbmode'];
-	} else if (isset($sessiondata[$cid.'gbmode'])) {
-		$gbmode =  $sessiondata[$cid.'gbmode'];
+	} else if (isset($_SESSION[$cid.'gbmode'])) {
+		$gbmode =  $_SESSION[$cid.'gbmode'];
 	} else {
 		$stm = $DBH->prepare("SELECT defgbmode FROM imas_gbscheme WHERE courseid=:courseid");
 		$stm->execute(array(':courseid'=>$cid));
@@ -54,10 +54,9 @@
 	} else {
 		if (isset($_GET['secfilter'])) {
 			$secfilter = $_GET['secfilter'];
-			$sessiondata[$cid.'secfilter'] = $secfilter;
-			writesessiondata();
-		} else if (isset($sessiondata[$cid.'secfilter'])) {
-			$secfilter = $sessiondata[$cid.'secfilter'];
+			$_SESSION[$cid.'secfilter'] = $secfilter;
+		} else if (isset($_SESSION[$cid.'secfilter'])) {
+			$secfilter = $_SESSION[$cid.'secfilter'];
 		} else {
 			$secfilter = -1;
 		}
diff --git a/course/listusers.php b/course/listusers.php
index 8d7832b1b2..37e7f4e5b8 100644
--- a/course/listusers.php
+++ b/course/listusers.php
@@ -14,19 +14,17 @@
 $cid = Sanitize::courseId($_GET['cid']);
 if (isset($_GET['secfilter'])) {
 	$secfilter = $_GET['secfilter'];
-	$sessiondata[$cid.'secfilter'] = $secfilter;
-	writesessiondata();
-} else if (isset($sessiondata[$cid.'secfilter'])) {
-	$secfilter = $sessiondata[$cid.'secfilter'];
+	$_SESSION[$cid.'secfilter'] = $secfilter;
+} else if (isset($_SESSION[$cid.'secfilter'])) {
+	$secfilter = $_SESSION[$cid.'secfilter'];
 } else {
 	$secfilter = -1;
 }
 if (isset($_GET['rmode'])) {
 	$rmode = $_GET['rmode'];
-	$sessiondata[$cid.'rmode'] = $rmode;
-	writesessiondata();
-} else if (isset($sessiondata[$cid.'rmode'])) {
-	$rmode = $sessiondata[$cid.'rmode'];
+	$_SESSION[$cid.'rmode'] = $rmode;
+} else if (isset($_SESSION[$cid.'rmode'])) {
+	$rmode = $_SESSION[$cid.'rmode'];
 } else {
 	$rmode = 0;
 }
diff --git a/course/logingrid.php b/course/logingrid.php
index e1631d565f..b41ec73b20 100644
--- a/course/logingrid.php
+++ b/course/logingrid.php
@@ -8,10 +8,9 @@
 $cid = Sanitize::courseId($_GET['cid']);
 if (isset($_GET['secfilter'])) {
 	$secfilter = $_GET['secfilter'];
-	$sessiondata[$cid.'secfilter'] = $secfilter;
-	writesessiondata();
-} else if (isset($sessiondata[$cid.'secfilter'])) {
-	$secfilter = $sessiondata[$cid.'secfilter'];
+	$_SESSION[$cid.'secfilter'] = $secfilter;
+} else if (isset($_SESSION[$cid.'secfilter'])) {
+	$secfilter = $_SESSION[$cid.'secfilter'];
 } else {
 	$secfilter = -1;
 }
diff --git a/course/manageqset.php b/course/manageqset.php
index 38d70d5ebe..c699748ac7 100644
--- a/course/manageqset.php
+++ b/course/manageqset.php
@@ -305,8 +305,8 @@
 							$ins_stm->execute(array(':libid'=>$libid, ':qsetid'=>$qsetid, ':ownerid'=>$userid, ':now'=>$now));
 						}
 						//determine which libraries to remove from; my lib assignments - newlibs
-						if ($sessiondata['lastsearchlibs'.$cid]!='') {
-							$listedlibs = explode(',', $sessiondata['lastsearchlibs'.$cid]);
+						if ($_SESSION['lastsearchlibs'.$cid]!='') {
+							$listedlibs = explode(',', $_SESSION['lastsearchlibs'.$cid]);
 						} else {
 							$listedlibs = array();
 						}
@@ -595,19 +595,19 @@
 			$safesearch = str_replace(' and ', ' ',$safesearch);
 			$search = $safesearch;
 			$search = str_replace('"','&quot;',$search);
-			$sessiondata['lastsearch'.$cid] = $safesearch; //str_replace(" ","+",$safesearch);
+			$_SESSION['lastsearch'.$cid] = $safesearch; //str_replace(" ","+",$safesearch);
 			if (isset($_POST['searchall'])) {
 				$searchall = 1;
 			} else {
 				$searchall = 0;
 			}
-			$sessiondata['searchall'.$cid] = $searchall;
+			$_SESSION['searchall'.$cid] = $searchall;
 			if (isset($_POST['searchmine'])) {
 				$searchmine = 1;
 			} else {
 				$searchmine = 0;
 			}
-			$sessiondata['searchmine'.$cid] = $searchmine;
+			$_SESSION['searchmine'.$cid] = $searchmine;
 
 
 			if ($searchall==1 && trim($search)=='' && $searchmine==0) {
@@ -623,26 +623,24 @@
 				} else {
 					$hidepriv = 0;
 				}
-				$sessiondata['hidepriv'.$cid] = $hidepriv;
+				$_SESSION['hidepriv'.$cid] = $hidepriv;
 				if (isset($_POST['skipfederated'])) {
 					$skipfederated = 1;
 				} else {
 					$skipfederated = 0;
 				}
-				$sessiondata['skipfederated'.$cid] = $skipfederated;
+				$_SESSION['skipfederated'.$cid] = $skipfederated;
 			}
-
-			writesessiondata();
-		} else if (isset($sessiondata['lastsearch'.$cid])) {
-			$safesearch = trim($sessiondata['lastsearch'.$cid]); //str_replace("+"," ",$sessiondata['lastsearch'.$cid]);
+		} else if (isset($_SESSION['lastsearch'.$cid])) {
+			$safesearch = trim($_SESSION['lastsearch'.$cid]); //str_replace("+"," ",$_SESSION['lastsearch'.$cid]);
 			$search = $safesearch;
 			$search = str_replace('"','&quot;',$search);
-			$searchall = $sessiondata['searchall'.$cid];
-			$searchmine = $sessiondata['searchmine'.$cid];
+			$searchall = $_SESSION['searchall'.$cid];
+			$searchmine = $_SESSION['searchmine'.$cid];
 			$hidepriv = 0; $skipfederated = 0;
 			if ($isadmin) {
-				$hidepriv = $sessiondata['hidepriv'.$cid];
-				$skipfederated = $sessiondata['skipfederated'.$cid];
+				$hidepriv = $_SESSION['hidepriv'.$cid];
+				$skipfederated = $_SESSION['skipfederated'.$cid];
 			}
 		} else {
 			$search = '';
@@ -703,23 +701,21 @@
 		    $_POST['libs'] = $userdeflib;
 		  }
 		  $searchlibs = $_POST['libs'];
-			//$sessiondata['lastsearchlibs'] = implode(",",$searchlibs);
-			$sessiondata['lastsearchlibs'.$cid] = $searchlibs;
-			writesessiondata();
+			//$_SESSION['lastsearchlibs'] = implode(",",$searchlibs);
+			$_SESSION['lastsearchlibs'.$cid] = $searchlibs;
 		} else if (isset($_GET['listlib'])) {
 			$searchlibs = $_GET['listlib'];
-			$sessiondata['lastsearchlibs'.$cid] = $searchlibs;
+			$_SESSION['lastsearchlibs'.$cid] = $searchlibs;
 			$searchall = 0;
-			$sessiondata['searchall'.$cid] = $searchall;
-			$sessiondata['lastsearch'.$cid] = '';
+			$_SESSION['searchall'.$cid] = $searchall;
+			$_SESSION['lastsearch'.$cid] = '';
 			$searchlikes = '';
 			$searchlikevals = array();
 			$search = '';
 			$safesearch = '';
-			writesessiondata();
-		}else if (isset($sessiondata['lastsearchlibs'.$cid])) {
-			//$searchlibs = explode(",",$sessiondata['lastsearchlibs']);
-			$searchlibs = $sessiondata['lastsearchlibs'.$cid];
+		}else if (isset($_SESSION['lastsearchlibs'.$cid])) {
+			//$searchlibs = explode(",",$_SESSION['lastsearchlibs']);
+			$searchlibs = $_SESSION['lastsearchlibs'.$cid];
 		} else {
 			$searchlibs = $userdeflib;
 		}
@@ -1060,7 +1056,7 @@ function chglibtoggle(rad) {
 			<input type=radio name="action" value="0" onclick="chglibtoggle(this)" checked="checked"/> Add to libraries, keeping any existing library assignments<br/>
 			<input type=radio name="action" value="1" onclick="chglibtoggle(this)"/> Add to libraries, removing existing library assignments<br/>
 			<?php
-			if ($sessiondata['searchall'.$cid]==0 && $sessiondata['lastsearchlibs'.$cid]!='0') {
+			if ($_SESSION['searchall'.$cid]==0 && $_SESSION['lastsearchlibs'.$cid]!='0') {
 				echo '<input type=radio name="action" value="3" onclick="chglibtoggle(this)"/> Add to libraries, removing library assignment in currently listed libraries<br/>';
 			}
 			?>
diff --git a/course/masschgdates.php b/course/masschgdates.php
index 82cce2b28b..d3d9e9c2a2 100644
--- a/course/masschgdates.php
+++ b/course/masschgdates.php
@@ -265,19 +265,17 @@ function getshortday($atime) {
 
 	if (isset($_GET['orderby'])) {
 		$orderby = Sanitize::onlyInt($_GET['orderby']);
-		$sessiondata['mcdorderby'.$cid] = $orderby;
-		writesessiondata();
-	} else if (isset($sessiondata['mcdorderby'.$cid])) {
-		$orderby = $sessiondata['mcdorderby'.$cid];
+		$_SESSION['mcdorderby'.$cid] = $orderby;
+	} else if (isset($_SESSION['mcdorderby'.$cid])) {
+		$orderby = $_SESSION['mcdorderby'.$cid];
 	} else {
 		$orderby = 3;
 	}
 	if (isset($_GET['filter'])) {
 		$filter = Sanitize::simpleString($_GET['filter']);
-		$sessiondata['mcdfilter'.$cid] = $filter;
-		writesessiondata();
-	} else if (isset($sessiondata['mcdfilter'.$cid])) {
-		$filter = $sessiondata['mcdfilter'.$cid];
+		$_SESSION['mcdfilter'.$cid] = $filter;
+	} else if (isset($_SESSION['mcdfilter'.$cid])) {
+		$filter = $_SESSION['mcdfilter'.$cid];
 	} else {
 		$filter = "all";
 	}
diff --git a/course/masssend.php b/course/masssend.php
index 97bd04a836..2145475beb 100644
--- a/course/masssend.php
+++ b/course/masssend.php
@@ -163,8 +163,11 @@
 				}
 			}
 
-			$sessiondata['mathdisp']=2;
-			$sessiondata['graphdisp']=2;
+			$origmathdisp = $_SESSION['mathdisp'];
+			$origgraphdisp = $_SESSION['graphdisp'];
+			$_SESSION['mathdisp']=2;
+			$_SESSION['graphdisp']=2;
+
 			require("../filter/filter.php");
 			$message = filter($messagePost);
 			$message = preg_replace('/<img([^>])*src="\//','<img $1 src="'.$GLOBALS['basesiteurl'] .'/',$message);
@@ -221,6 +224,9 @@
 			foreach ($teacheraddys as $addy) {
 				send_email($addy, $sendfrom, $subjectPost, $message, array($self), array(), 5);
 			}
+
+			$_SESSION['mathdisp'] = $origmathdisp;
+			$_SESSION['graphdisp'] = $origgraphdisp;
 		}
 		if ($calledfrom=='lu') {
 			header('Location: ' . $GLOBALS['basesiteurl'] . "/course/listusers.php?cid=$cid&r=" . Sanitize::randomQueryStringParam());
diff --git a/course/moddataset.php b/course/moddataset.php
index d3c2bc90de..c267d83690 100644
--- a/course/moddataset.php
+++ b/course/moddataset.php
@@ -689,11 +689,11 @@ function getvideoid($url) {
 			$line['hasimg'] = 0;
 			$line['deleted'] = 0;
 			$line['replaceby'] = 0;
-			if (isset($_GET['aid']) && isset($sessiondata['lastsearchlibs'.$_GET['aid']])) {
-				$inlibs = $sessiondata['lastsearchlibs'.Sanitize::onlyInt($_GET['aid'])];
-			} else if (isset($sessiondata['lastsearchlibs'.$cid])) {
-				//$searchlibs = explode(",",$sessiondata['lastsearchlibs']);
-				$inlibs = $sessiondata['lastsearchlibs'.$cid];
+			if (isset($_GET['aid']) && isset($_SESSION['lastsearchlibs'.$_GET['aid']])) {
+				$inlibs = $_SESSION['lastsearchlibs'.Sanitize::onlyInt($_GET['aid'])];
+			} else if (isset($_SESSION['lastsearchlibs'.$cid])) {
+				//$searchlibs = explode(",",$_SESSION['lastsearchlibs']);
+				$inlibs = $_SESSION['lastsearchlibs'.$cid];
 			} else {
 				$inlibs = $userdeflib;
 			}
@@ -774,7 +774,7 @@ function getvideoid($url) {
 	/// Start display ///
 	$pagetitle = "Question Editor";
 	$placeinhead = '';
-	/*if ($sessiondata['mathdisp']==1 || $sessiondata['mathdisp']==2 || $sessiondata['mathdisp']==3) {
+	/*if ($_SESSION['mathdisp']==1 || $_SESSION['mathdisp']==2 || $_SESSION['mathdisp']==3) {
 		//these scripts are used by the editor to make image-based math work in the editor
 		$placeinhead .= '<script type="text/javascript">var AMTcgiloc = "'.$mathimgurl.'";';
 		//if ($mathdarkbg) {$placeinhead .=  'var mathbg = "dark";';}
diff --git a/course/modtutorialq.php b/course/modtutorialq.php
index b5d54e98b6..bd4652a568 100644
--- a/course/modtutorialq.php
+++ b/course/modtutorialq.php
@@ -914,11 +914,11 @@ function getqvalues($code,$type) {
 	$line['userights'] = $stm->fetchColumn(0);
 	$line['author'] = $myname;
 	$line['deleted'] = 0;
-	if (isset($_GET['aid']) && isset($sessiondata['lastsearchlibs'.$_GET['aid']])) {
-		$inlibs = $sessiondata['lastsearchlibs'.Sanitize::onlyInt($_GET['aid'])];
-	} else if (isset($sessiondata['lastsearchlibs'.$cid])) {
-		//$searchlibs = explode(",",$sessiondata['lastsearchlibs']);
-		$inlibs = $sessiondata['lastsearchlibs'.$cid];
+	if (isset($_GET['aid']) && isset($_SESSION['lastsearchlibs'.$_GET['aid']])) {
+		$inlibs = $_SESSION['lastsearchlibs'.Sanitize::onlyInt($_GET['aid'])];
+	} else if (isset($_SESSION['lastsearchlibs'.$cid])) {
+		//$searchlibs = explode(",",$_SESSION['lastsearchlibs']);
+		$inlibs = $_SESSION['lastsearchlibs'.$cid];
 	} else {
 		$inlibs = $userdeflib;
 	}
diff --git a/course/outcomereport.php b/course/outcomereport.php
index 293d1bbd16..9345da236d 100644
--- a/course/outcomereport.php
+++ b/course/outcomereport.php
@@ -36,8 +36,8 @@
 
 if (isset($_GET['gbmode']) && $_GET['gbmode']!='') {
 	$gbmode = $_GET['gbmode'];
-} else if (isset($sessiondata[$cid.'gbmode'])) {
-	$gbmode =  $sessiondata[$cid.'gbmode'];
+} else if (isset($_SESSION[$cid.'gbmode'])) {
+	$gbmode =  $_SESSION[$cid.'gbmode'];
 } else {
 	$stm = $DBH->prepare("SELECT defgbmode FROM imas_gbscheme WHERE courseid=:courseid");
 	$stm->execute(array(':courseid'=>$cid));
diff --git a/course/printlayoutbare.php b/course/printlayoutbare.php
index 9871b3afbe..d8ca1273c9 100644
--- a/course/printlayoutbare.php
+++ b/course/printlayoutbare.php
@@ -30,12 +30,12 @@
 $cid = Sanitize::courseId($_GET['cid']);
 $aid = Sanitize::onlyInt($_GET['aid']);
 if (isset($_POST['mathdisp']) && $_POST['mathdisp']=='text') {
-	$sessiondata['mathdisp'] = 0;
+	$_SESSION['mathdisp'] = 0;
 } else {
-	$sessiondata['mathdisp'] = 2;
+	$_SESSION['mathdisp'] = 2;
 }
 if (isset($_POST['mathdisp']) && $_POST['mathdisp']=='tex') {
-	$sessiondata['texdisp'] = true;
+	$GLOBALS['texdisp'] = true;
 }
 if (isset($_POST['mathdisp']) && $_POST['mathdisp']=='textandimg') {
 	$printtwice = 2;
@@ -43,7 +43,8 @@
 	$printtwice = 1;
 }
 
-$sessiondata['graphdisp'] = 2;
+$origgraphdisp = $_SESSION['graphdisp'];
+$_SESSION['graphdisp'] = 2;
 $assessver = 2;
 
 if ($overwriteBody==1) {
@@ -211,7 +212,7 @@
 
 	for ($pt=0;$pt<$printtwice;$pt++) {
 		if ($pt==1) {
-			$sessiondata['mathdisp'] = 0;
+			$_SESSION['mathdisp'] = 0;
 			echo Sanitize::encodeStringForDisplay($_POST['vsep']).'<br/>';;
 
 		}
@@ -314,7 +315,7 @@
 
 
 }
-
+$_SESSION['graphdisp'] = $origgraphdisp;
 require("../footer.php");
 
 function printq($qn,$qsetid,$seed,$pts,$showpts) {
diff --git a/course/printlayoutword.php b/course/printlayoutword.php
index bd8dda1ee9..79ba598993 100644
--- a/course/printlayoutword.php
+++ b/course/printlayoutword.php
@@ -26,15 +26,6 @@
 /******* begin html output ********/
 
 $aid = Sanitize::onlyInt($_GET['aid']);
-$sessiondata['texdisp'] = true;
-$sessiondata['texdoubleescape'] = true;
-$texusealignsformatrix = true;
-
-$sessiondata['graphdisp'] = 1;
-$sessiondata['mathdisp'] = 2;
-$loadgraphfilter = true;
-$hidedrawcontrols = true;
-$assessver = 2;
 
 $stm = $DBH->prepare("SELECT itemorder,shuffle,defpoints,name,intro FROM imas_assessments WHERE id=:id");
 $stm->execute(array(':id'=>$aid));
@@ -75,6 +66,18 @@
 
 
 } else {
+  $GLOBALS['texdisp'] = true;
+  $GLOBALS['texdoubleescape'] = true;
+  $texusealignsformatrix = true;
+
+  $origmathdisp = $_SESSION['mathdisp'];
+  $origgraphdisp = $_SESSION['graphdisp'];
+  $_SESSION['graphdisp'] = 1;
+  $_SESSION['mathdisp'] = 2;
+  $loadgraphfilter = true;
+  $hidedrawcontrols = true;
+  $assessver = 2;
+
 	//load filter
 	$curdir = rtrim(dirname(__FILE__), '/\\');
 	require_once("$curdir/../filter/filter.php");
@@ -345,10 +348,12 @@
 	header('Content-Length: '.filesize($filename));
 	readfile($filename.'.docx');
 	*/
-
+  $_SESSION['mathdisp'] = $origmathdisp;
+  $_SESSION['graphdisp'] = $origgraphdisp;
+  require("../footer.php");
 	exit;
 }
-require("../footer.php");
+
 function printq($qn,$qsetid,$seed,$pts,$showpts) {
 	global $RND,$DBH,$isfinal,$imasroot,$urlmode;
 	$RND->srand($seed);
diff --git a/course/quickdrill.php b/course/quickdrill.php
index aa4329a25c..0ab22d679d 100644
--- a/course/quickdrill.php
+++ b/course/quickdrill.php
@@ -19,19 +19,16 @@
 if (isset($_GET['public'])) {
 	require("../init_without_validate.php");
 	if (isset($sessionpath) && $sessionpath!='') { session_save_path($sessionpath);}
-	ini_set('session.gc_maxlifetime',86400);
+	ini_set('session.gc_maxlifetime',432000);
 	ini_set('auto_detect_line_endings',true);
 	header('P3P: CP="ALL CUR ADM OUR"');
 	session_start();
 	$_SESSION['publicquickdrill'] = true;
-	function writesessiondata() {
-		global $sessiondata;
-		$_SESSION['data'] = base64_encode(serialize($sessiondata));
-	}
+	
 	if (!isset($_SESSION['data']) || isset($_GET['reset'])) {
-		$sessiondata = array();
+		$_SESSION = array();
 	} else {
-		$sessiondata = unserialize(base64_decode($_SESSION['data']));
+		$_SESSION = unserialize(base64_decode($_SESSION['data']));
 	}
 	if((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO']=='https'))  {
 		$urlmode = 'https://';
@@ -40,15 +37,14 @@ function writesessiondata() {
 	 }
 	$public = '?public=true';
 	$publica = '&public=true';
-	$sessiondata['graphdisp'] = 1;
-	$sessiondata['mathdisp'] = 2;
+	$_SESSION['graphdisp'] = 1;
+	$_SESSION['mathdisp'] = 2;
 } else {
 	require("../init.php");
 	$public = '';
 	$publica = '';
 }
 if (isset($_GET['reset'])) {
-	writesessiondata();
 	echo "Session reset";
 	exit;
 }
@@ -56,14 +52,14 @@ function writesessiondata() {
 
 $pagetitle = "Quick Drill";
 
-if (isset($_GET['showresults']) && is_array($sessiondata['drillresults'])) {
-	$qids = array_keys($sessiondata['drillresults']);
+if (isset($_GET['showresults']) && is_array($_SESSION['drillresults'])) {
+	$qids = array_keys($_SESSION['drillresults']);
 	$list = implode(',', array_map('intval', $qids));
 	$stm = $DBH->query("SELECT id,description FROM imas_questionset WHERE id IN ($list) ORDER BY description");
 	$out = '';
 	while ($row = $stm->fetch(PDO::FETCH_NUM)) {
 		$out .= "<p><b>".Sanitize::encodeStringForDisplay($row[1])."</b><ul>";
-		foreach ($sessiondata['drillresults'][$row[0]] as $item) {
+		foreach ($_SESSION['drillresults'][$row[0]] as $item) {
 			$out .= '<li>';
 			if ($item[0]=='n') {
 				$out .= $item[1].' questions completed in '.Sanitize::encodeStringForDisplay($item[2]).', score: '.Sanitize::encodeStringForDisplay($item[3]);
@@ -103,27 +99,27 @@ function writesessiondata() {
 	}
 	exit;
 }
-if (isset($sessiondata['drill']) && empty($_GET['id'])) {
+if (isset($_SESSION['drill']) && empty($_GET['id'])) {
 	//load from sessiondata
-	$qsetid = $sessiondata['drill']['id'];
-	$cid = $sessiondata['drill']['cid'];
-	$sa = $sessiondata['drill']['sa'];
-	$starttime = $sessiondata['drill']['starttime'];
-	$mode = $sessiondata['drill']['mode'];
+	$qsetid = $_SESSION['drill']['id'];
+	$cid = $_SESSION['drill']['cid'];
+	$sa = $_SESSION['drill']['sa'];
+	$starttime = $_SESSION['drill']['starttime'];
+	$mode = $_SESSION['drill']['mode'];
 	if ($mode == 'cntdown') {
-		$timelimit = $sessiondata['drill']['time'];
+		$timelimit = $_SESSION['drill']['time'];
 	}
-	if (isset($sessiondata['drill']['n'])) {
-		$n = $sessiondata['drill']['n'];
+	if (isset($_SESSION['drill']['n'])) {
+		$n = $_SESSION['drill']['n'];
 	}
-	if (isset($sessiondata['drill']['nc'])) {
-		$nc = $sessiondata['drill']['nc'];
+	if (isset($_SESSION['drill']['nc'])) {
+		$nc = $_SESSION['drill']['nc'];
 	}
-	$scores = $sessiondata['drill']['scores'];
+	$scores = $_SESSION['drill']['scores'];
 
 	$showscore = ($sa==0 || $sa==1 || $sa==4);
 	if (($mode=='cntup' || $mode=='cntdown') && $starttime==0)  {
-		$sessiondata['drill']['starttime'] = time();
+		$_SESSION['drill']['starttime'] = time();
 		$starttime = time();
 	}
 
@@ -137,44 +133,43 @@ function writesessiondata() {
 		}
 		exit;
 	} else {
-		$sessiondata['drill'] = array();
-		$sessiondata['drill']['id'] = $_GET['id'];
+		$_SESSION['drill'] = array();
+		$_SESSION['drill']['id'] = $_GET['id'];
 	}
 	if (!empty($_GET['cid'])) {
-		$sessiondata['drill']['cid'] = Sanitize::courseId($_GET['cid']);
+		$_SESSION['drill']['cid'] = Sanitize::courseId($_GET['cid']);
 	}  else {
-		$sessiondata['drill']['cid'] = 0;
+		$_SESSION['drill']['cid'] = 0;
 	}
 	if (!empty($_GET['sa'])) {
-		$sessiondata['drill']['sa'] = $_GET['sa'];
+		$_SESSION['drill']['sa'] = $_GET['sa'];
 	} else {
-		$sessiondata['drill']['sa'] = 0;
+		$_SESSION['drill']['sa'] = 0;
 	}
-	$sessiondata['drill']['mode'] = 'std';
-	$sessiondata['drill']['scores'] = array();
+	$_SESSION['drill']['mode'] = 'std';
+	$_SESSION['drill']['scores'] = array();
 
 	if (!empty($_GET['t'])) {
-		$sessiondata['drill']['time'] = $_GET['t'];
-		$sessiondata['drill']['mode'] = 'cntdown';
+		$_SESSION['drill']['time'] = $_GET['t'];
+		$_SESSION['drill']['mode'] = 'cntdown';
 	}
 	if (!empty($_GET['n'])) {
-		$sessiondata['drill']['n'] = $_GET['n'];
-		$sessiondata['drill']['mode'] = 'cntup';
+		$_SESSION['drill']['n'] = $_GET['n'];
+		$_SESSION['drill']['mode'] = 'cntup';
 	}
 	if (!empty($_GET['nc'])) {
-		$sessiondata['drill']['nc'] = $_GET['nc'];
-		$sessiondata['drill']['mode'] = 'cntup';
+		$_SESSION['drill']['nc'] = $_GET['nc'];
+		$_SESSION['drill']['mode'] = 'cntup';
 	}
-	if ($sessiondata['drill']['mode']=='cntup' || $sessiondata['drill']['mode']=='cntdown') {
-		$sessiondata['drill']['starttime'] = 0;
+	if ($_SESSION['drill']['mode']=='cntup' || $_SESSION['drill']['mode']=='cntdown') {
+		$_SESSION['drill']['starttime'] = 0;
 	}
-	if (!isset($sessiondata['drillresults'])) {
-		$sessiondata['drillresults'] = array();
+	if (!isset($_SESSION['drillresults'])) {
+		$_SESSION['drillresults'] = array();
 	}
-	$sessiondata['coursetheme'] = $coursetheme;
-	writesessiondata();
+	$_SESSION['coursetheme'] = $coursetheme;
 
-	if ($sessiondata['drill']['mode']=='cntup' || $sessiondata['drill']['mode']=='cntdown') {
+	if ($_SESSION['drill']['mode']=='cntup' || $_SESSION['drill']['mode']=='cntdown') {
 		echo '<html><body>';
 		echo "<a href=\"" . $GLOBALS['basesiteurl'] . "/course/quickdrill.php$public\">Start</a>";
 		echo '</body></html>';
@@ -201,8 +196,7 @@ function writesessiondata() {
 		$seed = rand(1,9999);
 	}
 	$scores[] = $score;
-	$sessiondata['drill']['scores'] = $scores;
-	writesessiondata();
+	$_SESSION['drill']['scores'] = $scores;
 	$curscore = 0;
 	foreach ($scores as $score) {
 		$curscore += getpts($score);
@@ -213,7 +207,7 @@ function writesessiondata() {
 	$seed = rand(1,9999);
 }
 
-//$sessiondata['coursetheme'] = $coursetheme;
+//$_SESSION['coursetheme'] = $coursetheme;
 $flexwidth = true; //tells header to use non _fw stylesheet
 $placeinhead = '<style type="text/css">div.question {width: auto;} div.review {width: auto; margin-top: 5px;}</style>';
 $useeditor = 1;
@@ -255,11 +249,10 @@ function writesessiondata() {
 	echo "<p>Score:  ".Sanitize::onlyFloat($curscore)." out of ".count($scores)." possible</p>";
 	$addr = $GLOBALS['basesiteurl'] . "/course/quickdrill.php?id=$qsetid&cid=$cid&sa=$sa&n=$n$publica";
 	echo "<p><a href=\"$addr\">Again</a></p>";
-	if (!isset($sessiondata['drillresults'][$qsetid])) {
-		$sessiondata['drillresults'][$qsetid] = array();
+	if (!isset($_SESSION['drillresults'][$qsetid])) {
+		$_SESSION['drillresults'][$qsetid] = array();
 	}
-	$sessiondata['drillresults'][$qsetid][] = array("n",$n,"$hours:$minutes:$seconds","$curscore out of ".count($scores));
-	writesessiondata();
+	$_SESSION['drillresults'][$qsetid][] = array("n",$n,"$hours:$minutes:$seconds","$curscore out of ".count($scores));
 	require("../footer.php");
 	exit;
 }
@@ -275,11 +268,10 @@ function writesessiondata() {
 	echo "<p>".count($scores)." tries used</p>";
 	$addr = $GLOBALS['basesiteurl'] . "/course/quickdrill.php?id=$qsetid&cid=$cid&sa=$sa&nc=$nc$publica";
 	echo "<p><a href=\"$addr\">Again</a></p>";
-	if (!isset($sessiondata['drillresults'][$qsetid])) {
-		$sessiondata['drillresults'][$qsetid] = array();
+	if (!isset($_SESSION['drillresults'][$qsetid])) {
+		$_SESSION['drillresults'][$qsetid] = array();
 	}
-	$sessiondata['drillresults'][$qsetid][] = array("nc",$nc,"$hours:$minutes:$seconds",count($scores).' tries used');
-	writesessiondata();
+	$_SESSION['drillresults'][$qsetid][] = array("nc",$nc,"$hours:$minutes:$seconds",count($scores).' tries used');
 	require("../footer.php");
 	exit;
 }
@@ -303,11 +295,10 @@ function writesessiondata() {
 	echo "$seconds seconds</p>";
 	$addr = $GLOBALS['basesiteurl'] . "/course/quickdrill.php?id=$qsetid&cid=$cid&sa=$sa&t=$timelimit$publica";
 	echo "<p><a href=\"$addr\">Again</a></p>";
-	if (!isset($sessiondata['drillresults'][$qsetid])) {
-		$sessiondata['drillresults'][$qsetid] = array();
+	if (!isset($_SESSION['drillresults'][$qsetid])) {
+		$_SESSION['drillresults'][$qsetid] = array();
 	}
-	$sessiondata['drillresults'][$qsetid][] = array("t","$hours:$minutes:$seconds","$curscore out of ".count($scores));
-	writesessiondata();
+	$_SESSION['drillresults'][$qsetid][] = array("t","$hours:$minutes:$seconds","$curscore out of ".count($scores));
 	require("../footer.php");
 	exit;
 }
diff --git a/course/redeemlatepass.php b/course/redeemlatepass.php
index 71b7f46add..80a231a512 100644
--- a/course/redeemlatepass.php
+++ b/course/redeemlatepass.php
@@ -8,7 +8,7 @@
 	$aid = Sanitize::onlyInt($_GET['aid']);
 
 	require("../includes/exceptionfuncs.php");
-	if (isset($studentid) && !isset($sessiondata['stuview'])) {
+	if (isset($studentid) && !isset($_SESSION['stuview'])) {
 		$exceptionfuncs = new ExceptionFuncs($userid, $cid, true, $studentinfo['latepasses'], $latepasshrs);
 	} else {
 		$exceptionfuncs = new ExceptionFuncs($userid, $cid, false);
@@ -30,7 +30,7 @@
 		if ($from != 'ltitimelimit') {
 			echo "$breadcrumbbase ";
 		}
-		if ($cid>0 && (!isset($sessiondata['ltiitemtype']) || $sessiondata['ltiitemtype']!=0)) {
+		if ($cid>0 && (!isset($_SESSION['ltiitemtype']) || $_SESSION['ltiitemtype']!=0)) {
 			echo " <a href=\"../course/course.php?cid=$cid\">".Sanitize::encodeStringForDisplay($coursename)."</a> &gt; ";
 		}
 		if ($from == 'gb') {
@@ -85,10 +85,10 @@
 			echo "<p><a href=\"../bltilaunch.php?accessibility=ask'\">Continue</a></p>";
 		} else if ($from=='gb') {
 			echo "<p><a href=\"gradebook.php?cid=$cid\">Continue</a></p>";
-		} else if ((!isset($sessiondata['ltiitemtype']) || $sessiondata['ltiitemtype']!=0)) {
+		} else if ((!isset($_SESSION['ltiitemtype']) || $_SESSION['ltiitemtype']!=0)) {
 			echo "<p><a href=\"course.php?cid=$cid\">Continue</a></p>";
 		} else {
-			echo "<p><a href=\"../assessment/showtest.php?cid=$cid&id={$sessiondata['ltiitemid']}\">Continue</a></p>";
+			echo "<p><a href=\"../assessment/showtest.php?cid=$cid&id={$_SESSION['ltiitemid']}\">Continue</a></p>";
 		}
 		require("../footer.php");
 
@@ -152,12 +152,12 @@
 			header('Location: ' . $GLOBALS['basesiteurl'] . "/bltilaunch.php?accessibility=ask" . "&r=" . Sanitize::randomQueryStringParam());
 		} else if ($from=='gb') {
 			header('Location: ' . $GLOBALS['basesiteurl'] . "/course/gradebook.php?cid=$cid" . "&r=" . Sanitize::randomQueryStringParam());
-		} else if ((!isset($sessiondata['ltiitemtype']) || $sessiondata['ltiitemtype']!=0)) {
+		} else if ((!isset($_SESSION['ltiitemtype']) || $_SESSION['ltiitemtype']!=0)) {
 			header('Location: ' . $GLOBALS['basesiteurl'] . "/course/course.php?cid=$cid" . "&r=" . Sanitize::randomQueryStringParam());
-		} else if (isset($sessiondata['ltiitemver']) && $sessiondata['ltiitemver'] > 1) {
-			header('Location: ' . $GLOBALS['basesiteurl'] . "/assess2/?cid=$cid&aid={$sessiondata['ltiitemid']}" . "&r=" . Sanitize::randomQueryStringParam());
+		} else if (isset($_SESSION['ltiitemver']) && $_SESSION['ltiitemver'] > 1) {
+			header('Location: ' . $GLOBALS['basesiteurl'] . "/assess2/?cid=$cid&aid={$_SESSION['ltiitemid']}" . "&r=" . Sanitize::randomQueryStringParam());
 		} else {
-			header('Location: ' . $GLOBALS['basesiteurl'] . "/assessment/showtest.php?cid=$cid&id={$sessiondata['ltiitemid']}" . "&r=" . Sanitize::randomQueryStringParam());
+			header('Location: ' . $GLOBALS['basesiteurl'] . "/assessment/showtest.php?cid=$cid&id={$_SESSION['ltiitemid']}" . "&r=" . Sanitize::randomQueryStringParam());
 		}
 	} else {
 		require("../header.php");
@@ -165,7 +165,7 @@
 		if ($from != 'ltitimelimit') {
 			echo "$breadcrumbbase ";
 		}
-		if ($cid>0 && (!isset($sessiondata['ltiitemtype']) || $sessiondata['ltiitemtype']!=0)) {
+		if ($cid>0 && (!isset($_SESSION['ltiitemtype']) || $_SESSION['ltiitemtype']!=0)) {
 			echo " <a href=\"../course/course.php?cid=$cid\">".Sanitize::encodeStringForDisplay($coursename)."</a> &gt; ";
 		}
 		if ($from == 'gb') {
@@ -267,12 +267,12 @@
 				echo "<input type=button value=\"Nevermind\" class=\"secondarybtn\" onclick=\"window.location='../bltilaunch.php?accessibility=ask'\"/>";
 			} else if ($from=='gb') {
 				echo "<input type=button value=\"Nevermind\" class=\"secondarybtn\" onclick=\"window.location='gradebook.php?cid=$cid'\"/>";
-			} else if ((!isset($sessiondata['ltiitemtype']) || $sessiondata['ltiitemtype']!=0)) {
+			} else if ((!isset($_SESSION['ltiitemtype']) || $_SESSION['ltiitemtype']!=0)) {
 				echo "<input type=button value=\"Nevermind\" class=\"secondarybtn\" onclick=\"window.location='course.php?cid=$cid'\"/>";
-			} else if (isset($sessiondata['ltiitemver']) && $sessiondata['ltiitemver'] > 1) {
-				echo "<input type=button value=\"Nevermind\" class=\"secondarybtn\" onclick=\"window.location='../assess2/?cid=$cid&aid={$sessiondata['ltiitemid']}'\"/>";
+			} else if (isset($_SESSION['ltiitemver']) && $_SESSION['ltiitemver'] > 1) {
+				echo "<input type=button value=\"Nevermind\" class=\"secondarybtn\" onclick=\"window.location='../assess2/?cid=$cid&aid={$_SESSION['ltiitemid']}'\"/>";
 			} else {
-				echo "<input type=button value=\"Nevermind\" class=\"secondarybtn\" onclick=\"window.location='../assessment/showtest.php?cid=$cid&id={$sessiondata['ltiitemid']}'\"/>";
+				echo "<input type=button value=\"Nevermind\" class=\"secondarybtn\" onclick=\"window.location='../assessment/showtest.php?cid=$cid&id={$_SESSION['ltiitemid']}'\"/>";
 			}
 			echo "</p></form>";
 		} else {
diff --git a/course/redeemlatepassforum.php b/course/redeemlatepassforum.php
index 65b60b998a..5317265647 100644
--- a/course/redeemlatepassforum.php
+++ b/course/redeemlatepassforum.php
@@ -9,7 +9,7 @@
 	$from = $_GET['from'];
 	
 	require("../includes/exceptionfuncs.php");
-	if (isset($studentid) && !isset($sessiondata['stuview'])) {
+	if (isset($studentid) && !isset($_SESSION['stuview'])) {
 		$exceptionfuncs = new ExceptionFuncs($userid, $cid, true, $studentinfo['latepasses'], $latepasshrs);
 	} else {
 		$exceptionfuncs = new ExceptionFuncs($userid, $cid, false);
@@ -30,7 +30,7 @@
 	if (isset($_GET['undo'])) {
 		require("../header.php");
 		echo "<div class=breadcrumb>$breadcrumbbase ";
-		if ($cid>0 && (!isset($sessiondata['ltiitemtype']) || $sessiondata['ltiitemtype']!=0)) {
+		if ($cid>0 && (!isset($_SESSION['ltiitemtype']) || $_SESSION['ltiitemtype']!=0)) {
 			echo " <a href=\"../course/course.php?cid=$cid\">".Sanitize::encodeStringForDisplay($coursename)."</a> &gt; ";
 		}
 		echo "Un-use LatePass</div>";
@@ -245,7 +245,7 @@
 		//TO HERE - TODO keep going
 		require("../header.php");
 		echo "<div class=breadcrumb>$breadcrumbbase ";
-		if ($cid>0 && (!isset($sessiondata['ltiitemtype']) || $sessiondata['ltiitemtype']!=0)) {
+		if ($cid>0 && (!isset($_SESSION['ltiitemtype']) || $_SESSION['ltiitemtype']!=0)) {
 			echo " <a href=\"../course/course.php?cid=$cid\">".Sanitize::encodeStringForDisplay($coursename)."</a> &gt; ";
 		}
 		echo "Redeem LatePass</div>\n";
diff --git a/course/report-weeklylab.php b/course/report-weeklylab.php
index c3aa98c24c..9f6de6aa96 100644
--- a/course/report-weeklylab.php
+++ b/course/report-weeklylab.php
@@ -51,8 +51,8 @@ function getpts($scs) {
 
 	if (isset($_GET['gbmode']) && $_GET['gbmode']!='') {
 		$gbmode = $_GET['gbmode'];
-	} else if (isset($sessiondata[$cid.'gbmode'])) {
-		$gbmode =  $sessiondata[$cid.'gbmode'];
+	} else if (isset($_SESSION[$cid.'gbmode'])) {
+		$gbmode =  $_SESSION[$cid.'gbmode'];
 	} else {
 		$stm = $DBH->prepare("SELECT defgbmode FROM imas_gbscheme WHERE courseid=:courseid");
 		$stm->execute(array(':courseid'=>$cid));
@@ -62,22 +62,21 @@ function getpts($scs) {
 
 	if (isset($_POST['interval'])) {
 		//settings update postback
-		if (!isset($sessiondata['reportsettings-weeklylab'])) {
-			$sessiondata['reportsettings-weeklylab'] = array();
+		if (!isset($_SESSION['reportsettings-weeklylab'])) {
+			$_SESSION['reportsettings-weeklylab'] = array();
 		}
-		$sessiondata['reportsettings-weeklylab'.$cid]['interval'] = $_POST['interval'];
-		$sessiondata['reportsettings-weeklylab'.$cid]['useminscore'] = isset($_POST['useminscore']);
-		$sessiondata['reportsettings-weeklylab'.$cid]['breakpercent'] = intval($_POST['breakpercent']);
-		writesessiondata();
+		$_SESSION['reportsettings-weeklylab'.$cid]['interval'] = $_POST['interval'];
+		$_SESSION['reportsettings-weeklylab'.$cid]['useminscore'] = isset($_POST['useminscore']);
+		$_SESSION['reportsettings-weeklylab'.$cid]['breakpercent'] = intval($_POST['breakpercent']);
 
 		header('Location: ' . $GLOBALS['basesiteurl'] . "/course/report-weeklylab.php?cid=$cid" . "&r=" . Sanitize::randomQueryStringParam());
 		exit;
 	}
 
-	if (isset($sessiondata['reportsettings-weeklylab'.$cid])) {
-		$interval = $sessiondata['reportsettings-weeklylab'.$cid]['interval'];
-		$useminscore = $sessiondata['reportsettings-weeklylab'.$cid]['useminscore'];
-		$breakpercent = $sessiondata['reportsettings-weeklylab'.$cid]['breakpercent'];
+	if (isset($_SESSION['reportsettings-weeklylab'.$cid])) {
+		$interval = $_SESSION['reportsettings-weeklylab'.$cid]['interval'];
+		$useminscore = $_SESSION['reportsettings-weeklylab'.$cid]['useminscore'];
+		$breakpercent = $_SESSION['reportsettings-weeklylab'.$cid]['breakpercent'];
 
 	} else {
 		$interval = '1week';
diff --git a/course/reviewlibrary.php b/course/reviewlibrary.php
index f4e738b6ca..b3c1c3ec30 100644
--- a/course/reviewlibrary.php
+++ b/course/reviewlibrary.php
@@ -47,9 +47,9 @@
 
 	if (!isset($_REQUEST['lib'])) {
 
-		if (isset($sessiondata['lastsearchlibs'])) {
-			//$searchlibs = explode(",",$sessiondata['lastsearchlibs']);
-			$inlibs = $sessiondata['lastsearchlibs'];
+		if (isset($_SESSION['lastsearchlibs'])) {
+			//$searchlibs = explode(",",$_SESSION['lastsearchlibs']);
+			$inlibs = $_SESSION['lastsearchlibs'];
 		} else {
 			$inlibs = '0';
 		}
@@ -308,7 +308,7 @@
 }
 
 /******* begin html output ********/
-$sessiondata['coursetheme'] = $coursetheme;
+$_SESSION['coursetheme'] = $coursetheme;
 if ($showtips==2) {
 	$placeinhead .= "<script type=\"text/javascript\" src=\"$imasroot/javascript/eqntips.js?v=012810\"></script>";
 }
diff --git a/course/sendmsgmodal.php b/course/sendmsgmodal.php
index 05d97adc63..63edbb2309 100644
--- a/course/sendmsgmodal.php
+++ b/course/sendmsgmodal.php
@@ -71,8 +71,11 @@
 			$row[2] = trim($row[2]);
 			if ($row[2]!='' && $row[2]!='none@none.com') {
 				$addy = Sanitize::simpleASCII("{$row[0]} {$row[1]}")." <".Sanitize::emailAddress($row[2]).">";
-				$sessiondata['mathdisp']=2;
-				$sessiondata['graphdisp']=2;
+
+				$origmathdisp = $_SESSION['mathdisp'];
+				$origgraphdisp = $_SESSION['graphdisp'];
+				$_SESSION['mathdisp']=2;
+				$_SESSION['graphdisp']=2;
 				require("../filter/filter.php");
 				$message = filter($message);
 				$message = preg_replace('/<img([^>])*src="\//','<img $1 src="' . $GLOBALS['basesiteurl'] . '/',$message);
@@ -83,6 +86,9 @@
 
 				send_email($addy, $sendfrom, $subject, $message, array($self), array(), 5);
 
+				$_SESSION['mathdisp'] = $origmathdisp;
+				$_SESSION['graphdisp'] = $origgraphdisp;
+
 				if ($sendcnt == 0) {
 					$success = _('Email sent');
 				}
diff --git a/course/showcalendar.php b/course/showcalendar.php
index b64524d7bb..347e43d2d4 100644
--- a/course/showcalendar.php
+++ b/course/showcalendar.php
@@ -12,17 +12,16 @@
 	$cid = Sanitize::courseId($_GET['cid']);
 	if (isset($_GET['editing'])) {
 		$editingon = $_GET['editing']=='on';
-		$sessiondata[$cid.'caledit'] = $editingon;
-		writesessiondata();
-	} else if (isset($sessiondata[$cid.'caledit'])) {
-		$editingon = $sessiondata[$cid.'caledit'];
+		$_SESSION[$cid.'caledit'] = $editingon;
+	} else if (isset($_SESSION[$cid.'caledit'])) {
+		$editingon = $_SESSION[$cid.'caledit'];
 	} else {
 		$editington = false;
 	}
 
 	require_once("../includes/exceptionfuncs.php");
 
-	if (isset($studentid) && !isset($sessiondata['stuview'])) {
+	if (isset($studentid) && !isset($_SESSION['stuview'])) {
 		$exceptionfuncs = new ExceptionFuncs($userid, $cid, true, $studentinfo['latepasses'], $latepasshrs);
 	} else {
 		$exceptionfuncs = new ExceptionFuncs($userid, $cid, false);
diff --git a/course/showfeedbackall.php b/course/showfeedbackall.php
index f1d14c1e74..b0f80310f0 100644
--- a/course/showfeedbackall.php
+++ b/course/showfeedbackall.php
@@ -19,25 +19,24 @@
 }
 
 if ($canviewall) {
-	if (isset($sessiondata[$cid.'gbmode']) && !isset($_GET['refreshdef'])) {
-		$gbmode =  $sessiondata[$cid.'gbmode'];
+	if (isset($_SESSION[$cid.'gbmode']) && !isset($_GET['refreshdef'])) {
+		$gbmode =  $_SESSION[$cid.'gbmode'];
 	} else {
 		$stm = $DBH->prepare("SELECT defgbmode FROM imas_gbscheme WHERE courseid=:courseid");
 		$stm->execute(array(':courseid'=>$cid));
 		$gbmode = $stm->fetchColumn(0);
-		$sessiondata[$cid.'gbmode'] = $gbmode;
-		writesessiondata();
+		$_SESSION[$cid.'gbmode'] = $gbmode;
 	}
-	if (isset($sessiondata[$cid.'catfilter'])) {
-		$catfilter = $sessiondata[$cid.'catfilter'];
+	if (isset($_SESSION[$cid.'catfilter'])) {
+		$catfilter = $_SESSION[$cid.'catfilter'];
 	} else {
 		$catfilter = -1;
 	}
 	if (isset($tutorsection) && $tutorsection!='') {
 		$secfilter = $tutorsection;
 	} else {
-		if (isset($sessiondata[$cid.'secfilter'])) {
-			$secfilter = $sessiondata[$cid.'secfilter'];
+		if (isset($_SESSION[$cid.'secfilter'])) {
+			$secfilter = $_SESSION[$cid.'secfilter'];
 		} else {
 			$secfilter = -1;
 		}
diff --git a/course/showlinkedtext.php b/course/showlinkedtext.php
index 82126fa5c8..1409fc4483 100644
--- a/course/showlinkedtext.php
+++ b/course/showlinkedtext.php
@@ -83,7 +83,7 @@ function recunload() {
 	$(function() {$("#exttoolframe").css("height",$(window).height() - $(".midwrapper").position().top - ($(".midwrapper").height()-500) - ($("body").outerHeight(true) - $("body").innerHeight()));});
 	</script>';
 	require("../header.php");
-	if ((isset($sessiondata['ltiitemtype']) && $sessiondata['ltiitemtype']==3)) {
+	if ((isset($_SESSION['ltiitemtype']) && $_SESSION['ltiitemtype']==3)) {
 		$fixbc = 'style="position:fixed;top:0;width:100%"';
 		$pad = 'padding-top: 25px;';
 	} else {
@@ -101,7 +101,7 @@ function recunload() {
 	}
 	echo '<div class="linkedtextholder" style="padding-left:10px; padding-right: 10px;'.$pad.'">';
 	$navbuttons = '';
-	if ((isset($sessiondata['ltiitemtype']) && $sessiondata['ltiitemtype']==3) || isset($sessiondata['readernavon'])) {
+	if ((isset($_SESSION['ltiitemtype']) && $_SESSION['ltiitemtype']==3) || isset($_SESSION['readernavon'])) {
 		$now = time();
 		$query = "SELECT il.id,il.title,il.avail,il.startdate,il.enddate,ii.id AS itemid ";
 		$query .= "FROM imas_linkedtext as il JOIN imas_items AS ii ON il.id=ii.typeid AND ii.itemtype='LinkedText' ";
@@ -146,7 +146,7 @@ function getflatlinkeditemlist($items) {
 		$navbuttons .= '<p>&nbsp;</p>';
 		if ($thisitemloc>0) {
 			$p = $itemdata[$flatlist[$thisitemloc-1]];
-			if (isset($studentid) && !isset($sessiondata['stuview'])) {
+			if (isset($studentid) && !isset($_SESSION['stuview'])) {
 				$rec = "data-base=\"linkedlink-".Sanitize::onlyInt($p['id'])."\" ";
 			} else {
 				$rec = '';
@@ -157,7 +157,7 @@ function getflatlinkeditemlist($items) {
 		}
 		if ($thisitemloc<count($flatlist)-2) {
 			$p = $itemdata[$flatlist[$thisitemloc+1]];
-			if (isset($studentid) && !isset($sessiondata['stuview'])) {
+			if (isset($studentid) && !isset($_SESSION['stuview'])) {
 				$rec = "data-base=\"linkedlink-".Sanitize::onlyInt($p['id'])."\" ";
 			} else {
 				$rec = '';
diff --git a/course/testquestion.php b/course/testquestion.php
index 79e89b4a50..516d802911 100644
--- a/course/testquestion.php
+++ b/course/testquestion.php
@@ -109,7 +109,7 @@
 }
 
 /******* begin html output ********/
-$sessiondata['coursetheme'] = $coursetheme;
+$_SESSION['coursetheme'] = $coursetheme;
 $flexwidth = true; //tells header to use non _fw stylesheet
 
 $useeqnhelper = $eqnhelper;
@@ -279,7 +279,7 @@ function chguseinfixed(state) {
 
 	echo '<code id="qhtml" style="display:none">';
 	$message = displayq($qn,$_GET['qsetid'],$seed,false,false,0,true);
-	$message = printfilter(forcefiltergraph($message));
+	$message = printfilter($message);
 	$message = preg_replace('/(`[^`]*`)/',"<span class=\"AM\">$1</span>",$message);
 	$message = str_replacE('`','\`',$message);
 	echo htmlentities($message);
diff --git a/course/treereader.php b/course/treereader.php
index 311b64700e..fe244aa967 100644
--- a/course/treereader.php
+++ b/course/treereader.php
@@ -14,15 +14,13 @@
 } else {
 	$viewall = false;
 }
-if ((!isset($_GET['folder']) || $_GET['folder']=='') && !isset($sessiondata['folder'.$cid])) {
+if ((!isset($_GET['folder']) || $_GET['folder']=='') && !isset($_SESSION['folder'.$cid])) {
 	$_GET['folder'] = '0';
-	$sessiondata['folder'.$cid] = '0';
-	writesessiondata();
-} else if ((isset($_GET['folder']) && $_GET['folder']!='') && (!isset($sessiondata['folder'.$cid]) || $sessiondata['folder'.$cid]!=$_GET['folder'])) {
-	$sessiondata['folder'.$cid] = $_GET['folder'];
-	writesessiondata();
-} else if ((!isset($_GET['folder']) || $_GET['folder']=='') && isset($sessiondata['folder'.$cid])) {
-	$_GET['folder'] = $sessiondata['folder'.$cid];
+	$_SESSION['folder'.$cid] = '0';
+} else if ((isset($_GET['folder']) && $_GET['folder']!='') && (!isset($_SESSION['folder'.$cid]) || $_SESSION['folder'.$cid]!=$_GET['folder'])) {
+	$_SESSION['folder'.$cid] = $_GET['folder'];
+} else if ((!isset($_GET['folder']) || $_GET['folder']=='') && isset($_SESSION['folder'.$cid])) {
+	$_GET['folder'] = $_SESSION['folder'.$cid];
 }
 
 if (isset($_GET['recordbookmark'])) {  //for recording bookmarks into the student's record
diff --git a/course/uploadmultgrades.php b/course/uploadmultgrades.php
index 16a0b6cffa..c75bde430c 100644
--- a/course/uploadmultgrades.php
+++ b/course/uploadmultgrades.php
@@ -9,7 +9,8 @@ function fopen_utf8 ($filename, $mode) {
     $file = @fopen($filename, $mode);
     $bom = fread($file, 3);
     if ($bom != b"\xEF\xBB\xBF") {
-        rewind($file);
+      fclose($file);
+      $file = @fopen($filename, $mode);
     }
     return $file;
 }
@@ -25,14 +26,11 @@ function fopen_utf8 ($filename, $mode) {
 	$body = "You need to log in as a teacher to access this page";
 } else {	//PERMISSIONS ARE OK, PERFORM DATA MANIPULATION
 	$cid = Sanitize::courseId($_GET['cid']);
-	$dir = rtrim(dirname(dirname(__FILE__)), '/\\').'/admin/import/';
-	if (isset($_POST['thefile'])) {
+	if (isset($_POST['filekey'])) {
 		//already uploaded file, ready for official upload
-		$filename = Sanitize::sanitizeFilenameAndCheckBlacklist($_POST['thefile']);
-		if (!file_exists($dir.$filename)) {
-			echo "File is missing!";
-			exit;
-		}
+    $filekey = Sanitize::simplestring($_POST['filekey']);
+    $uploadfile = getimportfilepath($filekey);
+
 		$stm = $DBH->prepare("SELECT imas_users.id,imas_users.SID FROM imas_users JOIN imas_students ON imas_students.userid=imas_users.id WHERE imas_students.courseid=:courseid");
 		$stm->execute(array(':courseid'=>$cid));
 		while ($row = $stm->fetch(PDO::FETCH_NUM)) {
@@ -74,7 +72,7 @@ function fopen_utf8 ($filename, $mode) {
 		$adds = array();
 		$addsvals = array();
 		if (count($gbitemid)>0) {
-			$handle = fopen_utf8($dir.$filename,'r');
+			$handle = fopen_utf8($uploadfile,'r');
 			for ($i = 0; $i<$_POST['headerrows']; $i++) {
 				$line = fgetcsv($handle,4096);
 			}
@@ -128,80 +126,72 @@ function fopen_utf8 ($filename, $mode) {
 				//echo $query;
 			}
 		}
-		unlink($dir.$filename);
+		deleteimport($filekey);
 		header('Location: ' . $GLOBALS['basesiteurl'] . "/course/chgoffline.php?cid=$cid" . "&r=" . Sanitize::randomQueryStringParam());
 		exit;
 	} else if (isset($_FILES['userfile']['name']) && $_FILES['userfile']['name']!='') {
 		//upload file
-		if (is_uploaded_file($_FILES['userfile']['tmp_name'])) {
-			$k = 0;
-			while (file_exists($dir . "upload$k.csv")) {
-				$k++;
-			}
-			$uploadfile = "upload$k.csv";
-			if (move_uploaded_file($_FILES['userfile']['tmp_name'], $dir.$uploadfile)) {
-				//parse out header info
-				$page_fileHiddenInput = '<input type="hidden" name="thefile" value="'.$uploadfile.'" />';
-				$handle = fopen_utf8($dir.$uploadfile,'r');
-				$hrow = fgetcsv($handle,4096);
-				$columndata = array();
-				$names = array();
-				if ($_POST['headerrows']==2) {
-					$srow = fgetcsv($handle,4096);
-				}
-				fclose($handle);
-				for ($i=0; $i<count($hrow); $i++) {
-					if ($hrow[$i]=='Username') {
-						$usernamecol = $i;
-					} else if ($hrow[$i]=='Name' || $hrow[$i]=='Section' || $hrow[$i]=='Code') {
-						continue;
-					} else if (strpos(strtolower($hrow[$i]),'comment')!==false || strpos(strtolower($hrow[$i]),'feedback')!==false) {
-						$columndata[$i-1][2] = $i;
+    if ($filekey = storeimportfile('userfile')) {
+      $page_fileHiddenInput = "<input type=hidden name=\"filekey\" value=\"".Sanitize::encodeStringForDisplay($filekey)."\" />\n";
+    } else {
+      echo "<p>Error uploading file!</p>\n";
+      echo Sanitize::encodeStringForDisplay($_FILES["userfile"]['error']);
+      exit;
+    }
+    $uploadfile = getimportfilepath($filekey);
+		//parse out header info
+		$handle = fopen_utf8($uploadfile,'r');
+		$hrow = fgetcsv($handle,4096);
+		$columndata = array();
+		$names = array();
+		if ($_POST['headerrows']==2) {
+			$srow = fgetcsv($handle,4096);
+		}
+		fclose($handle);
+		for ($i=0; $i<count($hrow); $i++) {
+			if ($hrow[$i]=='Username') {
+				$usernamecol = $i;
+			} else if ($hrow[$i]=='Name' || $hrow[$i]=='Section' || $hrow[$i]=='Code') {
+				continue;
+			} else if (strpos(strtolower($hrow[$i]),'comment')!==false || strpos(strtolower($hrow[$i]),'feedback')!==false) {
+				$columndata[$i-1][2] = $i;
+			} else {
+				if (isset($srow[$i])) {
+					$p = explode(':',$hrow[$i]);
+					if (count($p)>1) {
+					    $names[$i] = Sanitize::stripHtmlTags($p[0]);
 					} else {
-						if (isset($srow[$i])) {
-							$p = explode(':',$hrow[$i]);
-							if (count($p)>1) {
-							    $names[$i] = Sanitize::stripHtmlTags($p[0]);
-							} else {
-								$names[$i] = Sanitize::stripHtmlTags($hrow[$i]);
-							}
-							$pts = intval(preg_replace('/[^\d\.]/','',$srow[$i]));
-							//if ($pts==0) {$pts = '';}
-						} else {
-							$p = explode(':',$hrow[$i]);
-							if (count($p)>1) {
-								$pts = intval(preg_replace('/[^\d\.]/','',$p[count($p)-1]));
-								$names[$i] = Sanitize::stripHtmlTags($p[0]);
-							} else {
-								$pts = 0;
-								$names[$i] = Sanitize::stripHtmlTags($hrow[$i]);
-							}
-							//if ($pts==0) {$pts = '';}
-						}
-						$columndata[$i] = array($names[$i],$pts,-1,0);
+						$names[$i] = Sanitize::stripHtmlTags($hrow[$i]);
 					}
-				}
-				//look to see if any of these names have been used before
-				if (count($names)>0) {
-					$query_placeholders = Sanitize::generateQueryPlaceholders($names);
-					$stm = $DBH->prepare("SELECT id,name FROM imas_gbitems WHERE name IN ($query_placeholders) AND courseid=?");
-					$stm->execute(array_merge($names, array($cid)));
-					while ($row = $stm->fetch(PDO::FETCH_NUM)) {
-						$loc = array_search($row[1],$names);
-						if ($loc===false) {continue; } //shouldn't happen
-						$columndata[$loc][3] = $row[0];  //store existing gbitems.id
+					$pts = intval(preg_replace('/[^\d\.]/','',$srow[$i]));
+					//if ($pts==0) {$pts = '';}
+				} else {
+					$p = explode(':',$hrow[$i]);
+					if (count($p)>1) {
+						$pts = intval(preg_replace('/[^\d\.]/','',$p[count($p)-1]));
+						$names[$i] = Sanitize::stripHtmlTags($p[0]);
+					} else {
+						$pts = 0;
+						$names[$i] = Sanitize::stripHtmlTags($hrow[$i]);
 					}
+					//if ($pts==0) {$pts = '';}
 				}
-				if (!isset($usernamecol)) {
-					$usernamecol = 1;
-				}
-			} else {
-				$overwriteBody = 1;
-				$body = "<p>Error uploading file!</p>\n";
+				$columndata[$i] = array($names[$i],$pts,-1,0);
 			}
-		} else {
-			$overwriteBody = 1;
-			$body = "File Upload error";
+		}
+		//look to see if any of these names have been used before
+		if (count($names)>0) {
+			$query_placeholders = Sanitize::generateQueryPlaceholders($names);
+			$stm = $DBH->prepare("SELECT id,name FROM imas_gbitems WHERE name IN ($query_placeholders) AND courseid=?");
+			$stm->execute(array_merge($names, array($cid)));
+			while ($row = $stm->fetch(PDO::FETCH_NUM)) {
+				$loc = array_search($row[1],$names);
+				if ($loc===false) {continue; } //shouldn't happen
+				$columndata[$loc][3] = $row[0];  //store existing gbitems.id
+			}
+		}
+		if (!isset($usernamecol)) {
+			$usernamecol = 1;
 		}
 	}
 
@@ -209,7 +199,6 @@ function fopen_utf8 ($filename, $mode) {
 	$curBreadcrumb .=" &gt; <a href=\"gradebook.php?stu=0&gbmode=".Sanitize::encodeUrlParam($_GET['gbmode'])."&cid=$cid\">Gradebook</a> ";
 	$curBreadcrumb .=" &gt; <a href=\"chgoffline.php?stu=0&cid=$cid\">Manage Offline Grades</a> &gt; Upload Multiple Grades";
 
-
 }
 
 /******* begin html output ********/
diff --git a/course/viewforumgrade.php b/course/viewforumgrade.php
index c20b0e2ac8..c4704c647c 100644
--- a/course/viewforumgrade.php
+++ b/course/viewforumgrade.php
@@ -102,7 +102,7 @@
 	$showlink = ($caneditscore || time()<$row[5]);
 
 	$pagetitle = "View Forum Grade";
-	if ($caneditscore && $sessiondata['useed']!=0) {
+	if ($caneditscore && $_SESSION['useed']!=0) {
 		$useeditor = "noinit";
 		$placeinhead .= '<script type="text/javascript"> initeditor("divs","fbbox",null,true);</script>';
 		$placeinhead .= '<style type="text/css">
@@ -183,7 +183,7 @@
 			echo "\" /> </td>";
 			//echo "<td><textarea cols=40 rows=1 id=\"feedback".Sanitize::encodeStringForDisplay($row[0])."\" name=\"feedback[".Sanitize::encodeStringForDisplay($row[0])."]\">".Sanitize::encodeStringForDisplay($scores[$row[0]][1])."</textarea></td>";
 			$postid = Sanitize::onlyInt($row[0]);
-			if ($sessiondata['useed']==0) {
+			if ($_SESSION['useed']==0) {
 				echo "<td><textarea class=scorebox cols=\"40\" rows=\"1\" name=\"feedback$postid\" id=\"feedback$postid\">";
 				if ($scores[$row[0]][1]!==null) {
 					echo Sanitize::encodeStringForDisplay($scores[$row[0]][1]);
@@ -217,7 +217,7 @@
 			}
 			echo "\" /> </td>";
 			//echo "<td><textarea cols=40 rows=1 id=\"feedback0\" name=\"feedback[0]\">".Sanitize::encodeStringForDisplay($scores[0][1])."</textarea></td>";
-			if ($sessiondata['useed']==0) {
+			if ($_SESSION['useed']==0) {
 				echo "<td><textarea class=scorebox cols=\"40\" rows=\"1\" name=\"feedback0\" id=\"feedback0\">";
 				if ($scores[0][1]!==null) {
 					echo Sanitize::encodeStringForDisplay($scores[0][1]);
diff --git a/csrfp/simplecsrfp.php b/csrfp/simplecsrfp.php
index 3da4c4dada..e68386b65b 100644
--- a/csrfp/simplecsrfp.php
+++ b/csrfp/simplecsrfp.php
@@ -1,6 +1,6 @@
 <?php
 
-//Adapted from OWASP Foundation's CSRFP Protector 
+//Adapted from OWASP Foundation's CSRFP Protector
 //Licensed under the Apache License, Version 2.0
 
 if (!defined('__CSRF_PROTECTOR__')) {
@@ -32,29 +32,29 @@ class csrfProtector
 		public static $config = array(
 			'failedAuthAction' => 'block',
 			'tokenLength' => 10,
-			'logDirectory' => "log", 
+			'logDirectory' => "log",
 			'jsUrl' => ''  //set in init, after basesiteurl is defined
 		);
-		
+
 		public static function init($length = null, $action = null)
 		{
-			global $userid, $sessiondata;
+			global $userid;
 			if (empty($userid)) { //only run if $userid is set
 				return;
 			}
-			
+
 			if ($GLOBALS['CFG']['use_csrfp']==='log') {
 				self::$config['failedAuthAction'] = 'log';
 			}
-			
+
 			self::$config['jsUrl'] = $GLOBALS['basesiteurl'] . "/csrfp/js/simplecsrfprotector.js";
-			
+
 			// Authorise the incoming request
-			if (isset($sessiondata[CSRFP_TOKEN])) {
+			if (isset($_SESSION[CSRFP_TOKEN])) {
 				self::authorizePost();
 			}
-			
-			if (!isset($sessiondata[CSRFP_TOKEN])) {
+
+			if (!isset($_SESSION[CSRFP_TOKEN])) {
 				self::refreshToken();
 			}
 
@@ -64,7 +64,6 @@ public static function init($length = null, $action = null)
 		}
 		public static function authorizePost()
 		{
-			global $sessiondata;
 			if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 
 				// look for token in payload else from header
@@ -75,8 +74,8 @@ public static function authorizePost()
 
 					//action in case of failed validation
 					self::failedValidationAction();
-				} 
-			} 
+				}
+			}
 		}
 
 		/*
@@ -118,9 +117,8 @@ private static function getTokenFromRequest() {
 		 * bool - true if its valid else false
 		 */
 		private static function isValidToken($token) {
-			global $sessiondata;
-			if (!isset($sessiondata[CSRFP_TOKEN])) return false;
-			return ($sessiondata[CSRFP_TOKEN] == $token);
+			if (!isset($_SESSION[CSRFP_TOKEN])) return false;
+			return ($_SESSION[CSRFP_TOKEN] == $token);
 		}
 
 		/*
@@ -143,7 +141,7 @@ private static function failedValidationAction()
 			static::logCSRFattack();
 
 			if (self::$config['failedAuthAction']==='log') {
-				//just log - no action	
+				//just log - no action
 			} else {
 				if (isset($GLOBALS['CFG']['csrfp_error_message'])) {
 					exit($GLOBALS['CFG']['csrfp_error_message']);
@@ -168,11 +166,9 @@ private static function failedValidationAction()
 		 */
 		public static function refreshToken()
 		{
-			global $sessiondata;
 			$token = self::generateAuthToken();
 
-			$sessiondata[CSRFP_TOKEN] = $token;
-			writesessiondata();
+			$_SESSION[CSRFP_TOKEN] = $token;
 		}
 		/*
 		 * Function: generateAuthToken
@@ -191,7 +187,7 @@ public static function generateAuthToken()
 			$randLength = 64;
 
 			$tokenLength = self::$config['tokenLength'];
-			
+
 			//#todo - if $length > 128 throw exception
 
 			if (function_exists("random_bytes")) {
@@ -212,7 +208,7 @@ public static function generateAuthToken()
 			}
 			return substr($token, 0, $tokenLength);
 		}
-		
+
 		/*
 		* Function: get_csrf_input_tag
 		*
@@ -221,15 +217,14 @@ public static function generateAuthToken()
 		*/
 		private static function get_csrf_input_tag()
 		{
-			global $sessiondata;
 			$out = '<input type="hidden" name="'.CSRFP_TOKEN.'" ';
-			$out .= 'class="'.CSRFP_TOKEN.'" value="'.$sessiondata[CSRFP_TOKEN].'" />';
+			$out .= 'class="'.CSRFP_TOKEN.'" value="'.$_SESSION[CSRFP_TOKEN].'" />';
 			return $out;
 		}
 
 		/*
 		 * Function: output_header_code
-		 * outputs the token information and script tag 
+		 * outputs the token information and script tag
 		 * for placement into the <head>
 		 *
 		 * Return:
@@ -237,18 +232,17 @@ private static function get_csrf_input_tag()
 		 */
 		public static function output_header_code()
 		{
-			global $sessiondata;
 			$out = '<script type="text/javascript" src="' . self::$config['jsUrl'] . '"></script>';
 			$out .= '<script type="text/javascript">';
-			$out .= 'CSRFP.setToken("'.$sessiondata[CSRFP_TOKEN].'");</script>';
+			$out .= 'CSRFP.setToken("'.$_SESSION[CSRFP_TOKEN].'");</script>';
 
 			return $out;
 		}
-		
+
 
 		/*
 		 * Function: ob_handler
-		 * Rewrites <form> on the fly to add CSRF tokens to them. 
+		 * Rewrites <form> on the fly to add CSRF tokens to them.
 		 *
 		 * Parameters:
 		 * $buffer - output buffer to which all output are stored
@@ -292,7 +286,6 @@ public static function ob_handler($buffer, $flags)
 		 */
 		protected static function logCSRFattack()
 		{
-			global $sessiondata;
 			//miniature version of the log
 			$log = array();
 			$log['timestamp'] = time();
@@ -302,15 +295,13 @@ protected static function logCSRFattack()
 			$log['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
 			$log['query'] = $_POST;
 
-			if (!isset($sessiondata[CSRFP_TOKEN])) {
+			if (!isset($_SESSION[CSRFP_TOKEN])) {
 				$log['csrfp_token'] = "not set";
 			} else {
-				$log['csrfp_token'] = $sessiondata[CSRFP_TOKEN];
+				$log['csrfp_token'] = $_SESSION[CSRFP_TOKEN];
 			}
-			global $DBH;
-			$stm = $DBH->prepare("SELECT time FROM imas_sessions WHERE sessionid=?");
-			$stm->execute(array(session_id()));
-			$log['session_time'] = $stm->fetchColumn(0);
+
+			$log['session_time'] = $_SESSION['time'];
 
 			//remove password from query
 			if (isset($log['query']['password'])) {
@@ -347,5 +338,3 @@ protected static function logCSRFattack()
 		}
 	};
 }
-
-			
\ No newline at end of file
diff --git a/diag/index.php b/diag/index.php
index 92ca4a1185..00ad069c99 100644
--- a/diag/index.php
+++ b/diag/index.php
@@ -88,13 +88,8 @@ function decodeSelector($sel) {
 			}
 		}
 	}
-	$stm = $DBH->prepare("SELECT sessiondata FROM imas_sessions WHERE sessionid=:sessionid");
-	$stm->execute(array(':sessionid'=>$sessionid));
-	//if (isset($sessiondata['mathdisp'])) {
-	if ($stm->rowCount()>0) {
-	   $stm = $DBH->prepare("DELETE FROM imas_sessions WHERE sessionid=:sessionid");
-	   $stm->execute(array(':sessionid'=>$sessionid));
-	   $sessiondata = array();
+	if (!empty($_SESSION)) {
+	   $_SESSION = array();
 	   if (isset($_COOKIE[session_name()])) {
 		   setcookie(session_name(), '', time()-42000, '/', '', false, true);
 	   }
@@ -269,22 +264,23 @@ function decodeSelector($sel) {
 		}
 		//if ($allowreentry) {
 
-			$sessiondata['mathdisp'] = $_POST['mathdisp'];//1;
-			$sessiondata['graphdisp'] = $_POST['graphdisp'];//1;
-			//$sessiondata['mathdisp'] = 1;
-			//$sessiondata['graphdisp'] = 1;
-			$sessiondata['useed'] = 1;
-			$sessiondata['isdiag'] = $diagid;
-			$sessiondata['diag_aver'] = $aVer;
+			$_SESSION['mathdisp'] = $_POST['mathdisp'];//1;
+			$_SESSION['graphdisp'] = $_POST['graphdisp'];//1;
+			//$_SESSION['mathdisp'] = 1;
+			//$_SESSION['graphdisp'] = 1;
+			$_SESSION['useed'] = 1;
+			$_SESSION['isdiag'] = $diagid;
+			$_SESSION['diag_aver'] = $aVer;
 
-			$enc = base64_encode(serialize($sessiondata));
 			if (!empty($_POST['tzname'])) {
 				$tzname = $_POST['tzname'];
 			} else {
 				$tzname = '';
 			}
-			$stm = $DBH->prepare("INSERT INTO imas_sessions (sessionid,userid,time,tzoffset,tzname,sessiondata) VALUES (:sessionid, :userid, :time, :tzoffset, :tzname, :sessiondata)");
-			$stm->execute(array(':sessionid'=>$sessionid, ':userid'=>$userid, ':time'=>$now, ':tzoffset'=>$_POST['tzoffset'], ':tzname'=>$tzname, ':sessiondata'=>$enc));
+			$_SESSION['userid'] = $userid;
+			$_SESSION['time'] = $now;
+			$_SESSION['tzoffset'] = $_POST['tzoffset'];
+			$_SESSION['tzname'] = $tzname;
 
 			if ((intval($line['forceregen']) & (1<<intval($_POST['course'])))>0) {
 				$stm = $DBH->prepare("DELETE FROM imas_assessment_sessions WHERE userid=:userid AND assessmentid=:assessmentid LIMIT 1");
@@ -326,18 +322,21 @@ function decodeSelector($sel) {
 	$stm = $DBH->prepare("INSERT INTO imas_students (userid,courseid,section,timelimitmult) VALUES (:userid, :courseid, :section, :timelimitmult);");
 	$stm->execute(array(':userid'=>$userid, ':courseid'=>$pcid, ':section'=>$_POST['teachers'], ':timelimitmult'=>$_POST['timelimitmult']));
 
-	$sessiondata['mathdisp'] = $_POST['mathdisp'];//1;
-	$sessiondata['graphdisp'] = $_POST['graphdisp'];//1;
-	$sessiondata['useed'] = 1;
-	$sessiondata['isdiag'] = $diagid;
-	$enc = base64_encode(serialize($sessiondata));
+	$_SESSION['mathdisp'] = $_POST['mathdisp'];//1;
+	$_SESSION['graphdisp'] = $_POST['graphdisp'];//1;
+	$_SESSION['useed'] = 1;
+	$_SESSION['isdiag'] = $diagid;
+	$enc = base64_encode(serialize($_SESSION));
 	if (!empty($_POST['tzname'])) {
 		$tzname = $_POST['tzname'];
 	} else {
 		$tzname = '';
 	}
-	$stm = $DBH->prepare("INSERT INTO imas_sessions (sessionid,userid,time,tzoffset,tzname,sessiondata) VALUES (:sessionid, :userid, :time, :tzoffset, :tzname, :sessiondata)");
-	$stm->execute(array(':sessionid'=>$sessionid, ':userid'=>$userid, ':time'=>$now, ':tzoffset'=>$_POST['tzoffset'], ':tzname'=>$tzname, ':sessiondata'=>$enc));
+	$_SESSION['userid'] = $userid;
+	$_SESSION['time'] = $now;
+	$_SESSION['tzoffset'] = $_POST['tzoffset'];
+	$_SESSION['tzname'] = $tzname;
+	
 	$aids = explode(',',$line['aidlist']);
 	$paid = $aids[$_POST['course']];
 	if ($aVer > 1) {
diff --git a/embedq.php b/embedq.php
index db935c41c0..c7d0a3467b 100644
--- a/embedq.php
+++ b/embedq.php
@@ -16,7 +16,7 @@
 
 require("./assessment/displayq2.php");
 
-$sessiondata = array();
+$_SESSION = array();
 $prefdefaults = array(
 	'mathdisp'=>1,
 	'graphdisp'=>1,
@@ -24,24 +24,24 @@
 	'useed'=>1,
 	'livepreview'=>1);
 $prefcookie = json_decode($_COOKIE["embedquserprefs"], true);
-$sessiondata['userprefs'] = array();
+$_SESSION['userprefs'] = array();
 foreach($prefdefaults as $key=>$def) {
 	if ($prefcookie!==null && isset($prefcookie[$key])) {
-		$sessiondata['userprefs'][$key] = filter_var($prefcookie[$key], FILTER_SANITIZE_NUMBER_INT);
+		$_SESSION['userprefs'][$key] = filter_var($prefcookie[$key], FILTER_SANITIZE_NUMBER_INT);
 	} else {
-		$sessiondata['userprefs'][$key] = $def;
+		$_SESSION['userprefs'][$key] = $def;
 	}
 }
 foreach(array('graphdisp','mathdisp','useed') as $key) {
-	$sessiondata[$key] = $sessiondata['userprefs'][$key];
+	$_SESSION[$key] = $_SESSION['userprefs'][$key];
 }
 
 $showtips = 2;
 $useeqnhelper = 4;
 $courseUIver = 1;
-$sessiondata['drill']['cid'] = 0;
-$sessiondata['drill']['sa'] = 0;
-$sessiondata['secsalt'] = "12345";
+$_SESSION['drill']['cid'] = 0;
+$_SESSION['drill']['sa'] = 0;
+$_SESSION['secsalt'] = "12345";
 $cid = "embedq";
 if (empty($_GET['id'])) {
 	echo 'Need to supply an id';
@@ -53,10 +53,10 @@
 
 if (isset($_GET['theme'])) {
 	$theme = preg_replace('/\W/','',$_GET['theme']);
-	$sessiondata['coursetheme'] = $theme . '.css';
+	$_SESSION['coursetheme'] = $theme . '.css';
 	$page_formAction .= "&theme=$theme";
 } else {
-	$sessiondata['coursetheme'] = $coursetheme;
+	$_SESSION['coursetheme'] = $coursetheme;
 }
 
 if (isset($_GET['noscores'])) {
@@ -167,7 +167,7 @@ function sendresizemsg() {
 			});
 		}
 		</script>';
-	if ($sessiondata['mathdisp']==1 || $sessiondata['mathdisp']==3) {
+	if ($_SESSION['mathdisp']==1 || $_SESSION['mathdisp']==3) {
 		//in case MathJax isn't loaded yet
 		$placeinhead .= '<script type="text/x-mathjax-config">
 			MathJax.Hub.Queue(function () {
diff --git a/filter/basiclti/post.php b/filter/basiclti/post.php
index 11eddbcf90..d7d1f888b1 100644
--- a/filter/basiclti/post.php
+++ b/filter/basiclti/post.php
@@ -79,7 +79,7 @@
 $parms['context_type'] = 'CourseSection';
 $parms['resource_link_id'] = $cid.'-'.$linkid;
 
-if ($points>0 && isset($studentid) && !isset($sessiondata['stuview'])) {
+if ($points>0 && isset($studentid) && !isset($_SESSION['stuview'])) {
 	$sig = sha1($gradesecret.'::'.$parms['resource_link_id'].'::'.$userid);
 	$parms['lis_result_sourcedid'] = $sig.'::'.$parms['resource_link_id'].'::'.$userid;
 	$parms['lis_outcome_service_url'] = $GLOBALS['basesiteurl'] . '/admin/ltioutcomeservice.php';
diff --git a/filter/filter.php b/filter/filter.php
index fefc7be1d2..83369a5ca1 100644
--- a/filter/filter.php
+++ b/filter/filter.php
@@ -6,19 +6,19 @@
 	//load in filters as needed
 	$filterdir = rtrim(dirname(__FILE__), '/\\');
 	//include("$filterdir/simplelti/simplelti.php");
-	if ((isset($sessiondata['mathdisp']) && $sessiondata['mathdisp']==2 ) || isset($loadmathfilter)) { //use image fallback for math
+	if ((isset($_SESSION['mathdisp']) && $_SESSION['mathdisp']==2 ) || isset($loadmathfilter)) { //use image fallback for math
 		include("$filterdir/math/ASCIIMath2TeX.php");
 		$AMT = new AMtoTeX;
 	}
-	if ((isset($sessiondata['graphdisp']) && $sessiondata['graphdisp']==2) || isset($loadgraphfilter)) { //use image fallback for graphs
+	if ((isset($_SESSION['graphdisp']) && $_SESSION['graphdisp']==2) || isset($loadgraphfilter)) { //use image fallback for graphs
 		include("$filterdir/graph/asciisvgimg.php");
 		$AS = new AStoIMG;
 	}
-	if ((!isset($sessiondata['graphdisp']) || $sessiondata['graphdisp']==0)) {
+	if ((!isset($_SESSION['graphdisp']) || $_SESSION['graphdisp']==0)) {
 		include_once("$filterdir/graph/sscrtotext.php");
 	}
 	function mathfiltercallback($arr) {
-		global $AMT,$mathimgurl,$coursetheme,$sessiondata;
+		global $AMT,$mathimgurl,$coursetheme;
 		//$arr[1] = str_replace(array('&ne;','&quot;','&lt;','&gt;','&le;','&ge;'),array('ne','"','lt','gt','le','ge'),$arr[1]);
 		$arr[1] = str_replace(array('&ne;','&quot;','&le;','&ge;','<','>'),array('ne','"','le','ge','&lt;','&gt;'),$arr[1]);
 		$tex = $AMT->convert($arr[1]);
@@ -28,8 +28,8 @@ function mathfiltercallback($arr) {
 			if (isset($coursetheme) && strpos($coursetheme,'_dark')!==false) {
 				$tex = '\\reverse '.$tex;
 			}
-			if ($sessiondata['texdisp']==true) {
-				if (isset($sessiondata['texdoubleescape'])) {
+			if ($GLOBALS['texdisp']==true) {
+				if (isset($GLOBALS['texdoubleescape'])) {
 					return ' \\\\('.htmlentities($tex).'\\\\) ';
 				} else {
 					return ' '.htmlentities($tex).' ';
@@ -94,28 +94,28 @@ function svgfilterscriptcallback($arr) {
 	}
 
 	function filter($str) {
-		global $sessiondata,$userfullname,$urlmode,$imasroot;
+		global $userfullname,$urlmode,$imasroot;
 		if ($urlmode == 'https://') {
 			$str = str_replace(array('http://www.youtube.com','http://youtu.be'),array('https://www.youtube.com','https://youtu.be'), $str);
 		}
 		if (strip_tags($str)==$str) {
 			$str = str_replace("\n","<br/>\n",$str);
 		}
-		if ($sessiondata['graphdisp']==0) {
+		if ($_SESSION['graphdisp']==0) {
 			if (strpos($str,'embed')!==FALSE) {
 				$str = preg_replace('/<embed[^>]*alt="([^"]*)"[^>]*>/',"[$1]", $str);
 				//$str = preg_replace('/<embed[^>]*sscr[^>]*>/',"[Graph with no description]", $str);
 				$str = preg_replace_callback('/<\s*embed[^>]*?sscr=(.)(.+?)\1.*?>/s','svgsscrtotextcallback',$str);
 			}
 		}
-		if ($sessiondata['mathdisp']==2) {
+		if ($_SESSION['mathdisp']==2) {
 			$str = str_replace('\\`','&grave;',$str);
 			if (strpos($str,'`')!==FALSE) {
 				$str = preg_replace_callback('/`(.*?)`/s', 'mathfiltercallback', $str);
 			}
 			$str = str_replace('&grave;','`',$str);
 		}
-		if ($sessiondata['graphdisp']==2) {
+		if ($_SESSION['graphdisp']==2) {
 			if (strpos($str,'embed')!==FALSE) {
 				$str = preg_replace_callback('/<\s*embed[^>]*?sscr=(.)(.+?)\1.*?>/s','svgfiltersscrcallback',$str);
 				$str = preg_replace_callback('/<\s*embed[^>]*?script=(.)(.+?)\1.*?>/s','svgfilterscriptcallback',$str);
@@ -212,8 +212,7 @@ function filter($str) {
 		return $str;
 	}
 	function filtergraph($str) {
-		global $sessiondata;
-		if ($sessiondata['graphdisp']==2) {
+		if ($_SESSION['graphdisp']==2) {
 			if (strpos($str,'embed')!==FALSE) {
 				$str = preg_replace_callback('/<\s*embed.*?sscr=(.)(.+?)\1.*?>/','svgfiltersscrcallback',$str);
 				$str = preg_replace_callback('/<\s*embed.*?script=(.)(.+?)\1.*?>/','svgfilterscriptcallback',$str);
diff --git a/footer.php b/footer.php
index e7fe3fd926..2fa4bbe380 100644
--- a/footer.php
+++ b/footer.php
@@ -16,7 +16,7 @@ function googleTranslateElementInit() {
 	}
 	</script><script type="text/javascript" src="//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"></script>';
 }
-if (isset($useeditor) && $sessiondata['useed']==1) {
+if (isset($useeditor) && $_SESSION['useed']==1) {
 	//echo "<script type=\"text/javascript\">initEditor();</script>\n";
 }
 if (!isset($courseUIver)) { $courseUIver = 1;}
diff --git a/forums/forums.php b/forums/forums.php
index d3c0865e8e..c239c8b2c7 100644
--- a/forums/forums.php
+++ b/forums/forums.php
@@ -28,23 +28,21 @@
 	}
 
 	if (isset($_GET['clearsearch'])) {
-		unset($sessiondata['forumsearchstr'.$cid]);
-		unset($sessiondata['forumsearchtype'.$cid]);
-		unset($sessiondata['forumsearchtag'.$cid]);
-		writesessiondata();
+		unset($_SESSION['forumsearchstr'.$cid]);
+		unset($_SESSION['forumsearchtype'.$cid]);
+		unset($_SESSION['forumsearchtag'.$cid]);
 		$searchtype = "none";
 	} else if(isset($_POST['searchsubmit'])) {
 		$searchstr = trim($_POST['search']);
 		$searchtype = $_POST['searchtype'];
 		$searchtag = $_POST['tagfiltersel'];
-		$sessiondata['forumsearchstr'.$cid] = $searchstr;
-		$sessiondata['forumsearchtype'.$cid] = $searchtype;
-		$sessiondata['forumsearchtag'.$cid] = $searchtag;
-		writesessiondata();
-	} else if (isset($sessiondata['forumsearchstr'.$cid])) {
-		$searchstr = $sessiondata['forumsearchstr'.$cid];
-		$searchtype = $sessiondata['forumsearchtype'.$cid];
-		$searchtag = $sessiondata['forumsearchtag'.$cid];
+		$_SESSION['forumsearchstr'.$cid] = $searchstr;
+		$_SESSION['forumsearchtype'.$cid] = $searchtype;
+		$_SESSION['forumsearchtag'.$cid] = $searchtag;
+	} else if (isset($_SESSION['forumsearchstr'.$cid])) {
+		$searchstr = $_SESSION['forumsearchstr'.$cid];
+		$searchtype = $_SESSION['forumsearchtype'.$cid];
+		$searchtag = $_SESSION['forumsearchtag'.$cid];
 	} else {
 		$searchtype = "none";
 	}
diff --git a/forums/posthandler.php b/forums/posthandler.php
index 52abffe3d3..89f790bb81 100644
--- a/forums/posthandler.php
+++ b/forums/posthandler.php
@@ -679,7 +679,7 @@ function addnewfile(t) {
 					$parent[$line['id']] = $line['parent'];
 					$date[$line['id']] = $line['postdate'];
 					$subject[$line['id']] = $line['subject'];
-					if ($sessiondata['graphdisp']==0) {
+					if ($_SESSION['graphdisp']==0) {
 						$line['message'] = preg_replace('/<embed[^>]*alt="([^"]*)"[^>]*>/',"[$1]", $line['message']);
 					}
 					$message[$line['id']] = $line['message'];
diff --git a/forums/posts.php b/forums/posts.php
index 5710e49242..8fbc4e5bad 100644
--- a/forums/posts.php
+++ b/forums/posts.php
@@ -89,7 +89,7 @@
 		$exception = null;
 	}
 	require_once("../includes/exceptionfuncs.php");
-	if (isset($studentid) && !isset($sessiondata['stuview'])) {
+	if (isset($studentid) && !isset($_SESSION['stuview'])) {
 		$exceptionfuncs = new ExceptionFuncs($userid, $cid, true, $studentinfo['latepasses'], $latepasshrs);
 	} else {
 		$exceptionfuncs = new ExceptionFuncs($userid, $cid, false);
@@ -166,7 +166,7 @@
 $placeinhead .= '<link rel="stylesheet" href="'.$imasroot.'/forums/forums.css?ver=010619" type="text/css" />';
 $placeinhead .= '<script type="text/javascript" src="'.$imasroot.'/javascript/posts.js?v=011517"></script>';
 //$placeinhead = "<style type=\"text/css\">\n@import url(\"$imasroot/forums/forums.css\");\n</style>\n";
-if ($caneditscore && $sessiondata['useed']!=0) {
+if ($caneditscore && $_SESSION['useed']!=0) {
 	$useeditor = "noinit";
 	$placeinhead .= '<script type="text/javascript"> initeditor("divs","fbbox",null,true);</script>';
 }
@@ -251,7 +251,7 @@
 		}
 
 		$subject[$line['id']] = $line['subject'];
-		if ($sessiondata['graphdisp']==0) {
+		if ($_SESSION['graphdisp']==0) {
 			$line['message'] = preg_replace('/<embed[^>]*alt="([^"]*)"[^>]*>/',"[$1]", $line['message']);
 		}
 		$message[$line['id']] = $line['message'];
@@ -478,7 +478,7 @@ function printchildren($base,$restricttoowner=false) {
 	global $DBH,$children,$date,$subject,$re,$message,$poster,$email,$forumid,$threadid,$isteacher,$cid,$userid,$ownerid,$points;
 	global $feedback,$posttype,$lastview,$myrights,$allowreply,$allowmod,$allowdel,$allowlikes,$view,$page,$allowmsg;
 	global $haspoints,$imasroot,$postby,$replyby,$files,$CFG,$rubric,$pointsposs,$hasuserimg,$urlmode,$likes,$mylikes,$section;
-	global $canviewall, $caneditscore, $canviewscore, $sessiondata, $isstu;
+	global $canviewall, $caneditscore, $canviewscore, $isstu;
 	if (!isset($CFG['CPS']['itemicons'])) {
 		$itemicons = array('web'=>'web.png', 'doc'=>'doc.png', 'wiki'=>'wiki.png',
 		'html'=>'html.png', 'forum'=>'forum.png', 'pdf'=>'pdf.png',
@@ -673,7 +673,7 @@ function printchildren($base,$restricttoowner=false) {
 					echo printrubriclink($rubric,$pointsposs,"scorebox$child", "feedback$child");
 				}
 				echo " Private Feedback: ";
-				if ($sessiondata['useed']==0) {
+				if ($_SESSION['useed']==0) {
 					echo "<textarea class=scorebox cols=\"50\" rows=\"2\" name=\"feedback$child\" id=\"feedback$child\">";
 					if ($feedback[$child]!==null) {
 						echo Sanitize::encodeStringForDisplay($feedback[$child]);
diff --git a/forums/postsbyname.php b/forums/postsbyname.php
index 1ee6fa9362..832374fcbe 100644
--- a/forums/postsbyname.php
+++ b/forums/postsbyname.php
@@ -59,7 +59,7 @@
 		$placeinhead .= '<script type="text/javascript" src="'.$imasroot.'/javascript/rubric.js?v=113016"></script>';
 		require("../includes/rubric.php");
 	}
-	if ($caneditscore && $sessiondata['useed']!=0) {
+	if ($caneditscore && $_SESSION['useed']!=0) {
 		$useeditor = "noinit";
 		$placeinhead .= '<script type="text/javascript"> initeditor("divs","fbbox",null,true);</script>';
 	}
@@ -352,7 +352,7 @@ function printuserposts($name, $uid, $content, $postcnt, $replycnt) {
 				}
 				$content .= "</textarea>";
 				*/
-				if ($sessiondata['useed']==0) {
+				if ($_SESSION['useed']==0) {
 					$content .= "<textarea class=scorebox cols=\"50\" rows=\"2\" name=\"feedback".Sanitize::onlyInt($line['id'])."\" id=\"feedback".Sanitize::onlyInt($line['id'])."\">";
 					if ($feedback[$line['id']]!==null) {
 						$content .= Sanitize::encodeStringForDisplay($feedback[$line['id']]);
diff --git a/forums/thread.php b/forums/thread.php
index b47dee1d4f..5ce509490b 100644
--- a/forums/thread.php
+++ b/forums/thread.php
@@ -137,7 +137,7 @@
 if (($postby>0 && $postby<2000000000) || ($replyby>0 && $replyby<2000000000)) {
 	$exception = null; $latepasses = 0;
 	require_once("../includes/exceptionfuncs.php");
-	if (isset($studentid) && !isset($sessiondata['stuview'])) {
+	if (isset($studentid) && !isset($_SESSION['stuview'])) {
 		$stm = $DBH->prepare("SELECT startdate,enddate,islatepass,waivereqscore,itemtype FROM imas_exceptions WHERE assessmentid=:assessmentid AND userid=:userid AND (itemtype='F' OR itemtype='P' OR itemtype='R')");
 		$stm->execute(array(':assessmentid'=>$forumid, ':userid'=>$userid));
 		if ($stm->rowCount()>0) {
@@ -195,8 +195,7 @@
 $grpqs = '';
 if ($groupsetid>0) {
 	if (isset($_GET['ffilter'])) {
-		$sessiondata['ffilter'.$forumid] = $_GET['ffilter'];
-		writesessiondata();
+		$_SESSION['ffilter'.$forumid] = $_GET['ffilter'];
 	}
 	if (!$isteacher) {
 		$query = 'SELECT i_sg.id,i_sg.name FROM imas_stugroups AS i_sg JOIN imas_stugroupmembers as i_sgm ON i_sgm.stugroupid=i_sg.id ';
@@ -210,8 +209,8 @@
 		}
 		$dofilter = true;
 	} else {
-		if (isset($sessiondata['ffilter'.$forumid]) && $sessiondata['ffilter'.$forumid]>-1) {
-			$groupid = $sessiondata['ffilter'.$forumid];
+		if (isset($_SESSION['ffilter'.$forumid]) && $_SESSION['ffilter'.$forumid]>-1) {
+			$groupid = $_SESSION['ffilter'.$forumid];
 			$dofilter = true;
 			$grpqs = "&grp=$groupid";
 		} else {
@@ -242,11 +241,10 @@
 }
 
 if (isset($_GET['tagfilter'])) {
-	$sessiondata['tagfilter'.$forumid] = stripslashes($_GET['tagfilter']);
-	writesessiondata();
+	$_SESSION['tagfilter'.$forumid] = stripslashes($_GET['tagfilter']);
 	$tagfilter = stripslashes($_GET['tagfilter']);
-} else if (isset($sessiondata['tagfilter'.$forumid]) && $sessiondata['tagfilter'.$forumid]!='') {
-	$tagfilter = $sessiondata['tagfilter'.$forumid];
+} else if (isset($_SESSION['tagfilter'.$forumid]) && $_SESSION['tagfilter'.$forumid]!='') {
+	$tagfilter = $_SESSION['tagfilter'.$forumid];
 } else {
 	$tagfilter = '';
 }
@@ -534,8 +532,8 @@
 </form>
 <?php
 if ($isteacher && $groupsetid>0) {
-	if (isset( $sessiondata['ffilter'.$forumid])) {
-		$curfilter = $sessiondata['ffilter'.$forumid];
+	if (isset( $_SESSION['ffilter'.$forumid])) {
+		$curfilter = $_SESSION['ffilter'.$forumid];
 	} else {
 		$curfilter = -1;
 	}
diff --git a/header.php b/header.php
index 1289c50d90..26a298dea4 100644
--- a/header.php
+++ b/header.php
@@ -73,8 +73,8 @@
 </script>
 <script type="text/javascript" src="<?php echo $imasroot;?>/javascript/general.js?v=121819"></script>
 <?php
-//$sessiondata['mathdisp'] = 3;
-//writesessiondata();
+//$_SESSION['mathdisp'] = 3;
+//
 if (isset($CFG['locale'])) {
 	$lang = substr($CFG['locale'],0,2);
 	if (file_exists(rtrim(dirname(__FILE__), '/\\').'/i18n/locale/'.$lang.'/messages.js')) {
@@ -82,11 +82,11 @@
 	}
 }
 if (isset($coursetheme) && strpos($coursetheme,'_dark')!==false) {$mathdarkbg = true;} else {$mathdarkbg = false;}
-if (isset($ispublic) && $ispublic && !isset($sessiondata['mathdisp'])) {
-	$sessiondata['mathdisp'] = 1;
-	$sessiondata['graphdisp'] = 1;
+if (isset($ispublic) && $ispublic && !isset($_SESSION['mathdisp'])) {
+	$_SESSION['mathdisp'] = 1;
+	$_SESSION['graphdisp'] = 1;
 }
-if (isset($sessiondata['ltiitemtype']) && ($sessiondata['mathdisp']==1 || $sessiondata['mathdisp']==3)) {
+if (isset($_SESSION['ltiitemtype']) && ($_SESSION['mathdisp']==1 || $_SESSION['mathdisp']==3)) {
 	echo '<script type="text/x-mathjax-config">
 		MathJax.Hub.Queue(function () {
 			sendLTIresizemsg();
@@ -95,7 +95,7 @@
 	     </script>';
 }
 
-if (!isset($sessiondata['mathdisp'])) {
+if (!isset($_SESSION['mathdisp'])) {
 	echo '<script type="text/javascript">var AMnoMathML = true;var ASnoSVG = true;var AMisGecko = 0;var AMnoTeX = false;var mathRenderer="none";</script>';
 	//don't load MathJax async when using mathgraphcheck; it needs to check immediately
 	if (!empty($CFG['GEN']['uselocaljs'])) {
@@ -104,9 +104,9 @@
 		echo '<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.5/MathJax.js?config=AM_CHTML-full"></script>';
 	}
 	echo "<script src=\"$imasroot/javascript/mathgraphcheck.js?v=021215\" type=\"text/javascript\"></script>\n";
-} else if ($sessiondata['mathdisp']==1 || $sessiondata['mathdisp']==3) {
+} else if ($_SESSION['mathdisp']==1 || $_SESSION['mathdisp']==3) {
 	//merged, eliminating original AsciiMath display; MathJax only now
-	if (isset($useeditor) && $sessiondata['useed']==1) {
+	if (isset($useeditor) && $_SESSION['useed']==1) {
 		echo '<script type="text/javascript">var AMTcgiloc = "'.$mathimgurl.'";</script>';
 		echo "<script src=\"$imasroot/javascript/ASCIIMathTeXImg_min.js?ver=011520\" type=\"text/javascript\"></script>\n";
 	}
@@ -130,7 +130,7 @@ function rendermathnode(node) {
 			}
 		}</script>';
 	echo '<style type="text/css">span.AM { font-size: 105%;} .mq-editable-field.mq-math-mode var { font-style: normal;}</style>';
-} else if ($sessiondata['mathdisp']==6) {
+} else if ($_SESSION['mathdisp']==6) {
 	//Katex experimental
 	echo '<script type="text/javascript">var AMTcgiloc = "'.$mathimgurl.'";</script>';
 	echo "<script src=\"$imasroot/javascript/ASCIIMathTeXImg_min.js?ver=100418\" type=\"text/javascript\"></script>\n";
@@ -159,29 +159,29 @@ function setupKatexAutoRenderWhenReady() {
 	echo '<script type="text/javascript">setupKatexAutoRender();</script>';
 	echo '<script type="text/javascript">noMathRender = false; var usingASCIIMath = true; var AMnoMathML = true; var MathJaxCompatible = true; var mathRenderer = "Katex";</script>';
 	//echo '<style type="text/css">span.AM { font-size: 105%;}</style>';
-} else if ($sessiondata['mathdisp']==2 && isset($useeditor) && $sessiondata['useed']==1) {
+} else if ($_SESSION['mathdisp']==2 && isset($useeditor) && $_SESSION['useed']==1) {
 	//these scripts are used by the editor to make image-based math work in the editor
 	echo '<script type="text/javascript">var AMTcgiloc = "'.$mathimgurl.'";';
 	if ($mathdarkbg) {echo 'var mathbg = "dark";';}
 	echo '</script>';
 	echo "<script src=\"$imasroot/javascript/ASCIIMathTeXImg_min.js?ver=100418\" type=\"text/javascript\"></script>\n";
 	echo "<script type=\"text/javascript\">var usingASCIIMath = false; var AMnoMathML=true; var MathJaxCompatible = false; var mathRenderer=\"Image\"; function rendermathnode(el) {AMprocessNode(el);}</script>";
-} else if ($sessiondata['mathdisp']==2) {
+} else if ($_SESSION['mathdisp']==2) {
 	echo "<script type=\"text/javascript\">var usingASCIIMath = false; var AMnoMathML=true; var MathJaxCompatible = false; var mathRenderer=\"Image\";function rendermathnode(el) {AMprocessNode(el);}</script>";
-} else if ($sessiondata['mathdisp']==0) {
+} else if ($_SESSION['mathdisp']==0) {
 	echo "<script type=\"text/javascript\">var usingASCIIMath = false; var AMnoMathML=true; var MathJaxCompatible = false; var mathRenderer=\"none\";function rendermathnode(el) {}</script>";
 }
 echo "<script src=\"$imasroot/javascript/mathjs.js?ver=052016\" type=\"text/javascript\"></script>\n";
-if (isset($sessiondata['graphdisp']) && $sessiondata['graphdisp']==1) {
+if (isset($_SESSION['graphdisp']) && $_SESSION['graphdisp']==1) {
 	echo "<script src=\"$imasroot/javascript/ASCIIsvg_min.js?ver=052319\" type=\"text/javascript\"></script>\n";
 	echo "<script type=\"text/javascript\">var usingASCIISvg = true;</script>";
 	//echo "<script src=\"$imasroot/course/editor/plugins/AsciiSvg/ASCIIsvgAddon.js\" type=\"text/javascript\"></script>\n";
-} else if (isset($sessiondata['graphdisp'])) {
+} else if (isset($_SESSION['graphdisp'])) {
 	echo "<script type=\"text/javascript\">var usingASCIISvg = false; var ASnoSVG=true;</script>";
 }
 
 
-if (isset($useeditor) && $sessiondata['useed']==1) {
+if (isset($useeditor) && $_SESSION['useed']==1) {
 	echo '<script type="text/javascript" src="'.$imasroot.'/tinymce4/tinymce_bundled.min.js?v=051919"></script>';
 	//echo '<script type="text/javascript" src="'.$imasroot.'/tinymce4/tinymce.min.js?v=082719"></script>';
 	echo "\n";
@@ -198,7 +198,7 @@ function setupKatexAutoRenderWhenReady() {
 	}
 	echo '</script>';
 }
-if ((isset($useeditor) && $sessiondata['useed']==1) || isset($loadiconfont)) {
+if ((isset($useeditor) && $_SESSION['useed']==1) || isset($loadiconfont)) {
 	echo '<link rel="stylesheet" href="'.$imasroot . '/iconfonts/imathasfont.css?v=013118" type="text/css" />';
 	echo '<!--[if lte IE 7]><link rel="stylesheet" href="'.$imasroot . '/iconfonts/imathasfontie7.css?v=013118" type="text/css" /><![endif]-->';
 }
@@ -212,7 +212,7 @@ function setupKatexAutoRenderWhenReady() {
 if (isset($CFG['GEN']['translatewidgetID'])) {
 	echo '<meta name="google-translate-customization" content="'.$CFG['GEN']['translatewidgetID'].'"></meta>';
 }
-if (isset($sessiondata['ltiitemtype'])) {
+if (isset($_SESSION['ltiitemtype'])) {
 	echo '<script type="text/javascript">
 	if (typeof mathRenderer != "undefined" && mathRenderer == "Katex") {
 		window.katexDoneCallback = sendLTIresizemsg;
@@ -305,7 +305,7 @@ function getactivetab() {
 
 if (!isset($nologo)) {
 	echo '<div id="headerlogo" class="hideinmobile" ';
-	if ($myrights>10 && !$ispublic && !isset($sessiondata['ltiitemtype'])) {
+	if ($myrights>10 && !$ispublic && !isset($_SESSION['ltiitemtype'])) {
 		echo 'onclick="mopen(\'homemenu\',';
 		if (isset($cid) && is_numeric($cid)) {
 			echo $cid;
@@ -315,7 +315,7 @@ function getactivetab() {
 		echo ')" onmouseout="mclosetime()"';
 	}
 	echo '>'.$smallheaderlogo.'</div>';
-	if ($myrights>10 && !$ispublic && !isset($sessiondata['ltiitemtype'])) {
+	if ($myrights>10 && !$ispublic && !isset($_SESSION['ltiitemtype'])) {
 		echo '<div id="homemenu" class="ddmenu" onmouseover="mcancelclosetime()" onmouseout="mclosetime()">';
 		echo '</div>';
 	}
diff --git a/includes/exceptionfuncs.php b/includes/exceptionfuncs.php
index 0e2315e94d..abd58460fc 100644
--- a/includes/exceptionfuncs.php
+++ b/includes/exceptionfuncs.php
@@ -20,7 +20,7 @@ function __construct($uid, $cid, $isstu, $latepasses=0, $latepasshrs=24) {
 		$this->cid = $cid;
 		$this->latepasses = $latepasses;
 		$this->latepasshrs = $latepasshrs;
-		$this->isstu = $isstu;  // !isset($sessiondata['stuview']) && !$actas
+		$this->isstu = $isstu;  // !isset($_SESSION['stuview']) && !$actas
 		$this->courseenddate = $GLOBALS['courseenddate'];
 	}
 	public function setLatepasses($lp) {
diff --git a/includes/filehandler.php b/includes/filehandler.php
index d761f68be4..39d686d686 100644
--- a/includes/filehandler.php
+++ b/includes/filehandler.php
@@ -175,6 +175,55 @@ function storeuploadedfile($id,$key,$sec="private") {
 	}
 }
 
+function storeimportfile($id) {
+	$key = uniqid();
+	if (getfilehandlertype('filehandlertypecfiles') == 's3') {
+		$sec = "private";
+		if (is_uploaded_file($_FILES[$id]['tmp_name'])) {
+			$s3 = new S3($GLOBALS['AWSkey'],$GLOBALS['AWSsecret']);
+			// $_FILES[]['tmp_name'] is not user provided. This is safe.
+			if ($s3->putObjectFile(realpath($_FILES[$id]['tmp_name']),$GLOBALS['AWSbucket'],'import/'.$key,$sec)) {
+				return $key;
+			} else {
+				return false;
+			}
+		} else {
+			return false;
+		}
+	} else {
+		if (is_uploaded_file($_FILES[$id]['tmp_name'])) {
+			$base = rtrim(dirname(dirname(__FILE__)), '/\\').'/admin/import/';
+			$key = Sanitize::sanitizeFilePathAndCheckBlacklist($key);
+			if (move_uploaded_file($_FILES[$id]['tmp_name'], $base.$key)) {
+				return $key;
+			} else {
+				return false;
+			}
+		} else {
+			return false;
+		}
+	}
+}
+
+function getimportfilepath($key) {
+	if (getfilehandlertype('filehandlertypecfiles') == 's3') {
+		$s3 = new S3($GLOBALS['AWSkey'],$GLOBALS['AWSsecret']);
+		return $s3->queryStringGet($GLOBALS['AWSbucket'],'import/'.$key,7200);
+	} else {
+		$base = rtrim(dirname(dirname(__FILE__)), '/\\').'/admin/import/';
+		return $base . Sanitize::sanitizeFilePathAndCheckBlacklist($key);
+	}
+}
+function deleteimport($key) {
+	if (getfilehandlertype('filehandlertypecfiles') == 's3') {
+		$s3 = new S3($GLOBALS['AWSkey'],$GLOBALS['AWSsecret']);
+		$s3->deleteObject($GLOBALS['AWSbucket'],'import/'.$key);
+	} else {
+		$base = rtrim(dirname(dirname(__FILE__)), '/\\').'/admin/import/';
+		unlink(realpath($base.$key));
+	}
+}
+
 function downsizeimage($fileinfo) {
 	if (preg_match('/\.(jpg|jpeg)/', $fileinfo['name'])) {
 		$imgdata = getimagesize($fileinfo['tmp_name']);
diff --git a/includes/ltioutcomes.php b/includes/ltioutcomes.php
index 44aea64918..02bb0535d7 100644
--- a/includes/ltioutcomes.php
+++ b/includes/ltioutcomes.php
@@ -168,8 +168,7 @@ function sendOAuthBodyPOST($method, $endpoint, $oauth_consumer_key, $oauth_consu
     }
 
     if ($response === false) {
-    	global $sessiondata;
-    	if ($sessiondata['debugmode']==true) {
+    	if ($_SESSION['debugmode']==true) {
     		throw new Exception("Problem reading data from $endpoint, $php_errormsg");
     	} else {
     		//echo "Unable to update score via LTI.";
@@ -341,7 +340,7 @@ function calcandupdateLTIgrade($sourcedid,$aid,$uid,$scores,$sendnow=false,$aidp
 
 //use this if we know the grade, or want to delete
 function updateLTIgrade($action,$sourcedid,$aid,$uid,$grade=0,$sendnow=false) {
-	global $DBH,$sessiondata,$testsettings,$cid,$CFG,$userid;
+	global $DBH,$testsettings,$cid,$CFG,$userid;
 
 	if (isset($CFG['LTI']['logupdate']) && $action=='update') {
 		$logfilename = __DIR__ . '/../admin/import/ltiupdate.log';
@@ -362,8 +361,8 @@ function updateLTIgrade($action,$sourcedid,$aid,$uid,$grade=0,$sendnow=false) {
 	list($lti_sourcedid,$ltiurl,$ltikey,$keytype) = explode(':|:',$sourcedid);
 
 	if (strlen($lti_sourcedid)>1 && strlen($ltiurl)>1 && strlen($ltikey)>1) {
-		if (isset($sessiondata[$ltikey.'-'.$aid.'-secret'])) {
-			$secret = $sessiondata[$ltikey.'-'.$aid.'-secret'];
+		if (isset($_SESSION[$ltikey.'-'.$aid.'-secret'])) {
+			$secret = $_SESSION[$ltikey.'-'.$aid.'-secret'];
 		} else {
 			if ($keytype=='a') {
 				if (isset($testsettings) && isset($testsettings['ltisecret'])) {
@@ -373,8 +372,7 @@ function updateLTIgrade($action,$sourcedid,$aid,$uid,$grade=0,$sendnow=false) {
 					$stm->execute(array(':id'=>$aid));
 					if ($stm->rowCount()>0) {
 						$secret = $stm->fetchColumn(0);
-						$sessiondata[$ltikey.'-'.$aid.'-secret'] = $secret;
-						writesessiondata();
+						$_SESSION[$ltikey.'-'.$aid.'-secret'] = $secret;
 					} else {
 						$secret = '';
 					}
@@ -392,23 +390,21 @@ function updateLTIgrade($action,$sourcedid,$aid,$uid,$grade=0,$sendnow=false) {
 				$stm->execute(array(':id'=>$keyparts[1]));
 				if ($stm->rowCount()>0) {
 					$secret = $stm->fetchColumn(0);
-					$sessiondata[$ltikey.'-'.$aid.'-secret'] = $secret;
-					writesessiondata();
+					$_SESSION[$ltikey.'-'.$aid.'-secret'] = $secret;
 				} else {
 					$secret = '';
 				}
 			} else {
-				if (isset($sessiondata['lti_origkey'])) {
+				if (isset($_SESSION['lti_origkey'])) {
 					$stm = $DBH->prepare("SELECT password FROM imas_users WHERE SID=:SID AND (rights=11 OR rights=76 OR rights=77)");
-					$stm->execute(array(':SID'=>$sessiondata['lti_origkey']));
+					$stm->execute(array(':SID'=>$_SESSION['lti_origkey']));
 				} else {
 					$stm = $DBH->prepare("SELECT password FROM imas_users WHERE SID=:SID AND (rights=11 OR rights=76 OR rights=77)");
 					$stm->execute(array(':SID'=>$ltikey));
 				}
 				if ($stm->rowCount()>0) {
 					$secret = $stm->fetchColumn(0);
-					$sessiondata[$ltikey.'-'.$aid.'-secret'] = $secret;
-					writesessiondata();
+					$_SESSION[$ltikey.'-'.$aid.'-secret'] = $secret;
 				} else {
 					$secret = '';
 				}
diff --git a/includes/userprefs.php b/includes/userprefs.php
index 7f98a4420c..62db95bd5f 100644
--- a/includes/userprefs.php
+++ b/includes/userprefs.php
@@ -5,7 +5,7 @@
 // and
 
 function showUserPrefsForm() {
-	global $CFG, $sessiondata, $tzname;
+	global $CFG, $tzname;
 
 	require_once(dirname(__FILE__)."/htmlutil.php");
 
@@ -71,7 +71,7 @@ function showUserPrefsForm() {
 		//mark default etnry with *
 		$prefs[$k][$prefdefaults[$k]] = '* '.$prefs[$k][$prefdefaults[$k]];
 	}
-	$sessiondata['userprefs']['tztype'] = isset($sessiondata['userprefs']['tzname'])?2:0;
+	$_SESSION['userprefs']['tztype'] = isset($_SESSION['userprefs']['tzname'])?2:0;
 
 	$timezones = array('Etc/GMT+12', 'Pacific/Pago_Pago', 'America/Adak', 'Pacific/Honolulu', 'Pacific/Marquesas', 'Pacific/Gambier', 'America/Anchorage', 'America/Los_Angeles', 'Pacific/Pitcairn', 'America/Phoenix', 'America/Denver', 'America/Guatemala', 'America/Chicago', 'Pacific/Easter', 'America/Bogota', 'America/New_York', 'America/Caracas', 'America/Halifax', 'America/Santo_Domingo', 'America/Santiago', 'America/St_Johns', 'America/Godthab', 'America/Argentina/Buenos_Aires', 'America/Montevideo', 'Etc/GMT+2', 'Etc/GMT+2', 'Atlantic/Azores', 'Atlantic/Cape_Verde', 'Etc/UTC', 'Europe/London', 'Europe/Berlin', 'Africa/Lagos', 'Africa/Windhoek', 'Asia/Beirut', 'Africa/Johannesburg', 'Asia/Baghdad', 'Europe/Moscow', 'Asia/Tehran', 'Asia/Dubai', 'Asia/Baku', 'Asia/Kabul', 'Asia/Yekaterinburg', 'Asia/Karachi', 'Asia/Kolkata', 'Asia/Kathmandu', 'Asia/Dhaka', 'Asia/Omsk', 'Asia/Rangoon', 'Asia/Krasnoyarsk', 'Asia/Jakarta', 'Asia/Shanghai', 'Asia/Irkutsk', 'Australia/Eucla', 'Australia/Eucla', 'Asia/Yakutsk', 'Asia/Tokyo', 'Australia/Darwin', 'Australia/Adelaide', 'Australia/Brisbane', 'Asia/Vladivostok', 'Australia/Sydney', 'Australia/Lord_Howe', 'Asia/Kamchatka', 'Pacific/Noumea', 'Pacific/Norfolk', 'Pacific/Auckland', 'Pacific/Tarawa', 'Pacific/Chatham', 'Pacific/Tongatapu', 'Pacific/Apia', 'Pacific/Kiritimati');
 
@@ -80,7 +80,7 @@ function showUserPrefsForm() {
 	foreach ($prefdescript as $key=>$descrip) {
 		echo '<span class=form><label for="'.$key.'">'.$descrip.'</label></span>';
 		echo '<span class=formright>';
-		writeHtmlSelect($key,array_keys($prefs[$key]), array_values($prefs[$key]), isset($sessiondata['userprefs'][$key])?$sessiondata['userprefs'][$key]:$prefdefaults[$key]);
+		writeHtmlSelect($key,array_keys($prefs[$key]), array_values($prefs[$key]), isset($_SESSION['userprefs'][$key])?$_SESSION['userprefs'][$key]:$prefdefaults[$key]);
 		if ($key=='tztype') {
 			echo '<span id="tzset" style="display:none;"><br/>';
 			echo '<label for="settimezone">'._('Set timezone to:').'</label> <select name="settimezone" id="settimezone">';
@@ -110,7 +110,7 @@ function showUserPrefsForm() {
 }
 
 function storeUserPrefs() {
-	global $CFG, $DBH, $sessiondata, $userid, $tzname, $sessionid;
+	global $CFG, $DBH, $userid, $tzname, $sessionid;
 
 	//save user prefs.  Get existing
 	$currentuserprefs = array();
@@ -128,7 +128,7 @@ function storeUserPrefs() {
 		'usertheme'=>0,
 		'livepreview'=>1);
 	foreach($prefdefaults as $k=>$v) {
-		$sessiondata['userprefs'][$k] = $_POST[$k];
+		$_SESSION['userprefs'][$k] = $_POST[$k];
 		if (isset($CFG['UP'][$k])) {
 			$prefdefaults[$k] = $CFG['UP'][$k];
 		}
@@ -137,8 +137,8 @@ function storeUserPrefs() {
 				$stm = $DBH->prepare("DELETE FROM imas_user_prefs WHERE id=:id");
 				$stm->execute(array(':id'=>$currentuserprefs[$k][0]));
 				if ($k=='usertheme') {
-					unset($sessiondata['userprefs'][$k]);
-					unset($sessiondata['coursetheme']);
+					unset($_SESSION['userprefs'][$k]);
+					unset($_SESSION['coursetheme']);
 				}
 			}
 		} else {
@@ -157,12 +157,10 @@ function storeUserPrefs() {
 	//use timezone from form - either browser reported or set val
     $tzname = Sanitize::stripHtmlTags($_POST['settimezone']);
 	if (date_default_timezone_set($_POST['settimezone'])) {
-		//$tzname = $_POST['settimezone'];
-		$stm = $DBH->prepare("UPDATE imas_sessions SET tzname=:tzname WHERE sessionid=:sessionid");
-		$stm->execute(array(':tzname'=>$tzname, ':sessionid'=>$sessionid));
+		$_SESSION['tzname'] = $tzname;
 	}
 	if ($_POST['tztype']==2) { //using a permanant fixed timezone - record it
-		$sessiondata['userprefs']['tzname'] = $tzname;
+		$_SESSION['userprefs']['tzname'] = $tzname;
 		if (isset($currentuserprefs['tzname'])) {
 			$stm = $DBH->prepare("UPDATE imas_user_prefs SET value=:value WHERE id=:id");
 			$stm->execute(array(':value'=>$tzname, ':id'=>$currentuserprefs['tzname'][0]));
@@ -171,22 +169,21 @@ function storeUserPrefs() {
 			$stm->execute(array(':value'=>$tzname, ':userid'=>$userid));
 		}
 	} else { //no permanant fixed timezone, delete tzname record if exists
-		unset($sessiondata['userprefs']['tzname']);
+		unset($_SESSION['userprefs']['tzname']);
 		if (isset($currentuserprefs['tzname'])) {
 			$stm = $DBH->prepare("DELETE FROM imas_user_prefs WHERE id=:id");
 			$stm->execute(array(':id'=>$currentuserprefs['tzname'][0]));
 		}
 	}
 	foreach(array('graphdisp','mathdisp','useed') as $key) {
-		$sessiondata[$key] = $sessiondata['userprefs'][$key];
+		$_SESSION[$key] = $_SESSION['userprefs'][$key];
 	}
-	writesessiondata();
 }
 
 function generateuserprefs($writetosession=false) {
-	global $DBH, $CFG, $sessiondata, $sessionid, $userid;
+	global $DBH, $CFG, $sessionid, $userid;
 
-	$sessiondata['userprefs'] = array();
+	$_SESSION['userprefs'] = array();
 	$prefdefaults = array(
 		'mathdisp'=>1,
 		'graphdisp'=>1,
@@ -199,34 +196,23 @@ function generateuserprefs($writetosession=false) {
 		$stm = $DBH->prepare("SELECT item,value FROM imas_user_prefs WHERE userid=:id");
 		$stm->execute(array(':id'=>$userid));
 		while ($row = $stm->fetch(PDO::FETCH_NUM)) {
-			$sessiondata['userprefs'][$row[0]] = $row[1];
+			$_SESSION['userprefs'][$row[0]] = $row[1];
 		}
-		if (isset($sessiondata['userprefs']['tzname'])) {
-			$_POST['tzname'] = $sessiondata['userprefs']['tzname'];
+		if (isset($_SESSION['userprefs']['tzname'])) {
+			$_POST['tzname'] = $_SESSION['userprefs']['tzname'];
 		}
 		foreach($prefdefaults as $key=>$def) {
-			if (isset($sessiondata['userprefs'][$key])) {
+			if (isset($_SESSION['userprefs'][$key])) {
 				//keep it
 			} else if (isset($CFG['UP'][$key])) {
-				$sessiondata['userprefs'][$key] = $CFG['UP'][$key];
+				$_SESSION['userprefs'][$key] = $CFG['UP'][$key];
 			} else {
-				$sessiondata['userprefs'][$key] = $prefdefaults[$key];
+				$_SESSION['userprefs'][$key] = $prefdefaults[$key];
 			}
 		}
 		foreach(array('graphdisp','mathdisp','useed') as $key) {
-			if (isset($sessiondata['userprefs'][$key])) {
-				$sessiondata[$key] = $sessiondata['userprefs'][$key];
-			}
-		}
-		if ($writetosession) {
-			$enc = base64_encode(serialize($sessiondata));
-			$now = time();
-			if (isset($_POST['tzname'])) {
-				$stm = $DBH->prepare("UPDATE imas_sessions SET sessiondata=:sessiondata,time=:time,tzname=:tzname WHERE sessionid=:sessionid");
-				$stm->execute(array(':sessiondata'=>$enc, ':time'=>$now, ':tzname'=>$_POST['tzname'], ':sessionid'=>$sessionid));
-			} else {
-				$stm = $DBH->prepare("UPDATE imas_sessions SET sessiondata=:sessiondata,time=:time WHERE sessionid=:sessionid");
-				$stm->execute(array(':sessiondata'=>$enc, ':time'=>$now, ':sessionid'=>$sessionid));
+			if (isset($_SESSION['userprefs'][$key])) {
+				$_SESSION[$key] = $_SESSION['userprefs'][$key];
 			}
 		}
 	 }
diff --git a/includes/userutils.php b/includes/userutils.php
index bc8f068eb2..24507dde75 100644
--- a/includes/userutils.php
+++ b/includes/userutils.php
@@ -4,7 +4,7 @@
 
 function searchForUser($searchterm, $limitToTeacher=true, $basicsort=false) {
     global $DBH;
-    
+
     $words = array();
     $possible_users = array();
     $hasp1 = false;
@@ -84,11 +84,6 @@ function searchForUser($searchterm, $limitToTeacher=true, $basicsort=false) {
 }
 
 function logout() {
-	global $DBH;
-	
-	$sessionid = session_id();
-	$stm = $DBH->prepare("DELETE FROM imas_sessions WHERE sessionid=?");
-	$stm->execute(array($sessionid));
 	$_SESSION = array();
 	if (isset($_COOKIE[session_name()])) {
 		setcookie(session_name(), '', time()-42000, '/', null, false, true);
diff --git a/index.php b/index.php
index 6b12c90e0c..a86bd1a0c1 100644
--- a/index.php
+++ b/index.php
@@ -396,7 +396,7 @@
 }
 echo '</h1>';
 echo '</div>';
-if (isset($sessiondata['emulateuseroriginaluser'])) {
+if (isset($_SESSION['emulateuseroriginaluser'])) {
 	echo '<p>Currenting emulating this user.  <a href="util/utils.php?unemulateuser=true">Stop emulating user</a></p>';
 }
 if ($myrights==100 && count($brokencnt)>0) {
@@ -423,7 +423,7 @@
 		echo '. <a href="admin/approvepending2.php?from=home">'._('Approve Pending Instructor Accounts').'</a>';
 	}
 }
-if (isset($tzname) && isset($sessiondata['logintzname']) && $tzname!=$sessiondata['logintzname']) {
+if (isset($tzname) && isset($_SESSION['logintzname']) && $tzname!=$_SESSION['logintzname']) {
 	echo '<div class="sysnotice">'.sprintf(_('Notice: You have requested that times be displayed based on the <b>%s</b> time zone, and your computer is reporting you are currently in a different time zone. Be aware that times will display based on the %s timezone as requested, not your local time'),$tzname,$tzname).'</div>';
 }
 if (substr($myemail,0,7)==='BOUNCED') {
diff --git a/init.php b/init.php
index 9dcfb64865..dc3ae94c7a 100644
--- a/init.php
+++ b/init.php
@@ -45,7 +45,7 @@ function disallowsSameSiteNone () {
 }
 }
 if (isset($sessionpath)) { session_save_path($sessionpath);}
-ini_set('session.gc_maxlifetime',86400);
+ini_set('session.gc_maxlifetime',432000);
 ini_set('auto_detect_line_endings',true);
 $hostparts = explode('.',Sanitize::domainNameWithPort($_SERVER['HTTP_HOST']));
 if ($_SERVER['HTTP_HOST'] != 'localhost' && !is_numeric($hostparts[count($hostparts)-1])) {
diff --git a/ltihome.php b/ltihome.php
index a8f1e63a0a..b74097b2fa 100644
--- a/ltihome.php
+++ b/ltihome.php
@@ -3,7 +3,7 @@
 //(c) 2011 David Lippman
 
 require("init.php");
-if (!isset($sessiondata['ltirole']) || $sessiondata['ltirole']!='instructor') {
+if (!isset($_SESSION['ltirole']) || $_SESSION['ltirole']!='instructor') {
 	echo "Not authorized to view this page";
 	exit;
 }
@@ -14,11 +14,11 @@
 }
 
 //decide what we need to display
-if ($sessiondata['ltiitemtype']==0) {
+if ($_SESSION['ltiitemtype']==0) {
 	$hascourse = true;
 	$hasplacement = true;
 	$placementtype = 'assess';
-	$typeid = $sessiondata['ltiitemid'];
+	$typeid = $_SESSION['ltiitemid'];
 	$stm = $DBH->prepare("SELECT courseid FROM imas_assessments WHERE id=:id");
 	$stm->execute(array(':id'=>$typeid));
 	$cid = $stm->fetchColumn(0);
@@ -31,14 +31,14 @@
 	}
 } else {
 	$stm = $DBH->prepare("SELECT courseid FROM imas_lti_courses WHERE contextid=:contextid AND org=:org");
-	$stm->execute(array(':contextid'=>$sessiondata['lti_context_id'], ':org'=>$sessiondata['ltiorg']));
+	$stm->execute(array(':contextid'=>$_SESSION['lti_context_id'], ':org'=>$_SESSION['ltiorg']));
 	if ($stm->rowCount()==0) {
 		$hascourse = false;
-		if (isset($sessiondata['lti_launch_get']) && isset($sessiondata['lti_launch_get']['cid'])) {
-			$cid = intval($sessiondata['lti_launch_get']['cid']);
+		if (isset($_SESSION['lti_launch_get']) && isset($_SESSION['lti_launch_get']['cid'])) {
+			$cid = intval($_SESSION['lti_launch_get']['cid']);
 			if ($cid>0) {
 				$stm = $DBH->prepare("INSERT INTO imas_lti_courses (org,contextid,courseid) VALUES (:org, :contextid, :courseid)");
-				$stm->execute(array(':org'=>$sessiondata['ltiorg'], ':contextid'=>$sessiondata['lti_context_id'], ':courseid'=>$cid));
+				$stm->execute(array(':org'=>$_SESSION['ltiorg'], ':contextid'=>$_SESSION['lti_context_id'], ':courseid'=>$cid));
 				$hascourse = true;
 			}
 		}
@@ -50,18 +50,18 @@
 		$query = "SELECT id,placementtype,typeid FROM imas_lti_placements WHERE contextid=:contextid ";
 		$query .= "AND org=:org AND linkid=:linkid";
 		$stm = $DBH->prepare($query);
-		$stm->execute(array(':contextid'=>$sessiondata['lti_context_id'], ':org'=>$sessiondata['ltiorg'], ':linkid'=>$sessiondata['lti_resource_link_id']));
+		$stm->execute(array(':contextid'=>$_SESSION['lti_context_id'], ':org'=>$_SESSION['ltiorg'], ':linkid'=>$_SESSION['lti_resource_link_id']));
 		if ($stm->rowCount()==0) {
 			$hasplacement = false;
-			if (isset($sessiondata['lti_launch_get']) && isset($sessiondata['lti_launch_get']['aid'])) {
-				$aid = intval($sessiondata['lti_launch_get']['aid']);
+			if (isset($_SESSION['lti_launch_get']) && isset($_SESSION['lti_launch_get']['aid'])) {
+				$aid = intval($_SESSION['lti_launch_get']['aid']);
 				if ($aid>0) {
 					$placementtype = 'assess';
 					$typeid = $aid;
 					$query = "INSERT INTO imas_lti_placements (org,contextid,linkid,placementtype,typeid) VALUES ";
 					$query .= "(:org, :contextid, :linkid, :placementtype, :typeid)";
 					$stm = $DBH->prepare($query);
-					$stm->execute(array(':org'=>$sessiondata['ltiorg'], ':contextid'=>$sessiondata['lti_context_id'], ':linkid'=>$sessiondata['lti_resource_link_id'], ':placementtype'=>$placementtype, ':typeid'=>$typeid));
+					$stm->execute(array(':org'=>$_SESSION['ltiorg'], ':contextid'=>$_SESSION['lti_context_id'], ':linkid'=>$_SESSION['lti_resource_link_id'], ':placementtype'=>$placementtype, ':typeid'=>$typeid));
 					$placementid = $DBH->lastInsertId();
 					$hasplacement = true;
 				}
@@ -113,7 +113,7 @@
 		$query = "INSERT INTO imas_courses (name,ownerid,enrollkey,hideicons,picicons,allowunenroll,copyrights,msgset,showlatepass,itemorder,available,theme,ltisecret,blockcnt) VALUES ";
 		$query .= "(:name, :ownerid, :enrollkey, :hideicons, :picicons, :allowunenroll, :copyrights, :msgset, :showlatepass, :itemorder, :available, :theme, :ltisecret, :blockcnt);";
 		$stm = $DBH->prepare($query);
-		$stm->execute(array(':name'=>$sessiondata['lti_context_label'], ':ownerid'=>$userid, ':enrollkey'=>$randkey, ':hideicons'=>$hideicons, ':picicons'=>$picicons,
+		$stm->execute(array(':name'=>$_SESSION['lti_context_label'], ':ownerid'=>$userid, ':enrollkey'=>$randkey, ':hideicons'=>$hideicons, ':picicons'=>$picicons,
 			':allowunenroll'=>$allowunenroll, ':copyrights'=>$copyrights, ':msgset'=>$msgset, ':showlatepass'=>$showlatepass, ':itemorder'=>$itemorder,
 			':available'=>$avail, ':theme'=>$theme, ':ltisecret'=>$randkey, ':blockcnt'=>$blockcnt));
 		$cid = $DBH->lastInsertId();
@@ -164,10 +164,10 @@
 		}
 	}
 	$stm = $DBH->prepare("UPDATE imas_lti_courses SET courseid=:courseid WHERE org=:org AND contextid=:contextid");
-	$stm->execute(array(':courseid'=>$cid, ':org'=>$sessiondata['ltiorg'], ':contextid'=>$sessiondata['lti_context_id']));
+	$stm->execute(array(':courseid'=>$cid, ':org'=>$_SESSION['ltiorg'], ':contextid'=>$_SESSION['lti_context_id']));
 	if ($stm->rowCount()==0) {
 		$stm = $DBH->prepare("INSERT INTO imas_lti_courses (org,contextid,courseid) VALUES (:org, :contextid, :courseid)");
-		$stm->execute(array(':org'=>$sessiondata['ltiorg'], ':contextid'=>$sessiondata['lti_context_id'], ':courseid'=>$cid));
+		$stm->execute(array(':org'=>$_SESSION['ltiorg'], ':contextid'=>$_SESSION['lti_context_id'], ':courseid'=>$cid));
 	}
 	$hascourse = true;
 
@@ -179,7 +179,7 @@
 		$placementtype = 'assess';
 		$typeid = $_POST['setplacement'];
 	}
-	if (isset($sessiondata['lti_selection_return']) && $sessiondata['lti_selection_return_format'] == "Canvas") {
+	if (isset($_SESSION['lti_selection_return']) && $_SESSION['lti_selection_return_format'] == "Canvas") {
 		//Canvas custom LTI selection return or IMS deeplink LTI selection return
 		if ($placementtype=='assess') {
 			$stm = $DBH->prepare("SELECT name FROM imas_assessments WHERE id=:id");
@@ -187,7 +187,7 @@
 			$atitle = $stm->fetchColumn(0);
 			$url = $GLOBALS['basesiteurl'] . "/bltilaunch.php?custom_place_aid=$typeid";
 
-			header('Location: '.$sessiondata['lti_selection_return'].'?embed_type=basic_lti&url='.Sanitize::encodeUrlParam($url).'&title='.Sanitize::encodeUrlParam($atitle).'&text='.Sanitize::encodeUrlParam($atitle). '&r=' .Sanitize::randomQueryStringParam());
+			header('Location: '.$_SESSION['lti_selection_return'].'?embed_type=basic_lti&url='.Sanitize::encodeUrlParam($url).'&title='.Sanitize::encodeUrlParam($atitle).'&text='.Sanitize::encodeUrlParam($atitle). '&r=' .Sanitize::randomQueryStringParam());
 			exit;
 
 		} else {
@@ -195,10 +195,10 @@
 			$stm->execute(array(':id'=>$typeid));
 			$cname = $stm->fetchColumn(0);
 			$url = $GLOBALS['basesiteurl'] . "/bltilaunch.php?custom_open_folder=$typeid-0";
-			header('Location: '.$sessiondata['lti_selection_return'].'?embed_type=basic_lti&url='.Sanitize::encodeUrlParam($url).'&title='.Sanitize::encodeUrlParam($cname).'&text='.Sanitize::encodeUrlParam($cname). '&r=' .Sanitize::randomQueryStringParam());
+			header('Location: '.$_SESSION['lti_selection_return'].'?embed_type=basic_lti&url='.Sanitize::encodeUrlParam($url).'&title='.Sanitize::encodeUrlParam($cname).'&text='.Sanitize::encodeUrlParam($cname). '&r=' .Sanitize::randomQueryStringParam());
 			exit;
 		}
-	} else if (isset($sessiondata['lti_selection_return']) && $sessiondata['lti_selection_return_format'] == "IMSdeeplink") {
+	} else if (isset($_SESSION['lti_selection_return']) && $_SESSION['lti_selection_return_format'] == "IMSdeeplink") {
 		require_once 'includes/OAuth.php';
 		require_once 'includes/ltioauthstore.php';
 		if ($placementtype=='assess') {
@@ -214,8 +214,8 @@
 			$url = $GLOBALS['basesiteurl'] . "/bltilaunch.php?custom_open_folder=$typeid-0";
 		}
 		$target = 'iframe';
-		if (!empty($sessiondata['lti_selection_targets'])) {
-			$allowedtargets = explode(',',$sessiondata['lti_selection_targets']);
+		if (!empty($_SESSION['lti_selection_targets'])) {
+			$allowedtargets = explode(',',$_SESSION['lti_selection_targets']);
 			$desiredtargets = array('iframe','frame','window');
 			foreach ($desiredtargets as $t) {
 				if (in_array($t, $allowedtargets)) {
@@ -271,17 +271,17 @@
 			'lti_version' => 'LTI-1p0',
 			'content_items' => json_encode($contentitems, JSON_INVALID_UTF8_IGNORE)
 		);
-		if (!empty($sessiondata['lti_selection_data'])) {
-			$params['data'] = $sessiondata['lti_selection_data'];
+		if (!empty($_SESSION['lti_selection_data'])) {
+			$params['data'] = $_SESSION['lti_selection_data'];
 		}
 		$store = new IMathASLTIOAuthDataStore();
-		$consumer = $store->lookup_consumer($sessiondata['lti_origkey']);
+		$consumer = $store->lookup_consumer($_SESSION['lti_origkey']);
 		$hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
-		$acc_req = OAuthRequest::from_consumer_and_token($consumer, false, 'POST', $sessiondata['lti_selection_return'], $params);
+		$acc_req = OAuthRequest::from_consumer_and_token($consumer, false, 'POST', $_SESSION['lti_selection_return'], $params);
 		$acc_req->sign_request($hmac_method, $consumer, false);
 		$newparms = $acc_req->get_parameters();
 
-		echo '<body><form id="theform" method="post" action="'.Sanitize::encodeStringForDisplay($sessiondata['lti_selection_return']).'">';
+		echo '<body><form id="theform" method="post" action="'.Sanitize::encodeStringForDisplay($_SESSION['lti_selection_return']).'">';
 		//output form fields
 		foreach($newparms as $key => $value ) {
 			$key = Sanitize::encodeStringForDisplay($key);
@@ -299,7 +299,7 @@
 		$query = "INSERT INTO imas_lti_placements (org,contextid,linkid,placementtype,typeid) VALUES ";
 		$query .= "(:org, :contextid, :linkid, :placementtype, :typeid)";
 		$stm = $DBH->prepare($query);
-		$stm->execute(array(':org'=>$sessiondata['ltiorg'], ':contextid'=>$sessiondata['lti_context_id'], ':linkid'=>$sessiondata['lti_resource_link_id'], ':placementtype'=>$placementtype, ':typeid'=>$typeid));
+		$stm->execute(array(':org'=>$_SESSION['ltiorg'], ':contextid'=>$_SESSION['lti_context_id'], ':linkid'=>$_SESSION['lti_resource_link_id'], ':placementtype'=>$placementtype, ':typeid'=>$typeid));
 		$placementid = $DBH->lastInsertId();
 		$hasplacement = true;
 	}
@@ -375,16 +375,16 @@ function updateCourseSelector(el) {
 	echo "<p>If you want to create a new course, log directly into $installname to create new courses</p>";
 	echo '</form>';
 } else if (!$hasplacement || isset($_GET['chgplacement'])) {
-	if (isset($sessiondata['lti_selection_type']) && $sessiondata['lti_selection_type']=='assn') {
+	if (isset($_SESSION['lti_selection_type']) && $_SESSION['lti_selection_type']=='assn') {
 		echo '<h2>Link Assignment</h2>';
 	} else {
 		echo '<h2>Link Resource</h2>';
 	}
 	echo '<form method="post" action="ltihome.php">';
 	echo "<p>This placement on your LMS has not yet been linked to content on $installname. ";
-	if (isset($sessiondata['lti_selection_type']) && $sessiondata['lti_selection_type']=='assn') {
+	if (isset($_SESSION['lti_selection_type']) && $_SESSION['lti_selection_type']=='assn') {
 		echo 'Select the assessment you\'d like to use: ';
-	} else if (isset($sessiondata['lti_selection_type']) && $sessiondata['lti_selection_type']=='link') {
+	} else if (isset($_SESSION['lti_selection_type']) && $_SESSION['lti_selection_type']=='link') {
 		echo 'You can either do a full course placement, in which case all content of the course is available from this one placement, or ';
 		echo 'you can place an individual assessment. In both cases, grades will not be returned if you set up the link in this way. ';
 		echo 'For grade return, you need to create a new assignment link instead.</p>';
@@ -396,7 +396,7 @@ function updateCourseSelector(el) {
 
 	echo '<br/> <select name="setplacement"> ';
 
-	if (isset($sessiondata['lti_selection_type']) && $sessiondata['lti_selection_type']=='link') {
+	if (isset($_SESSION['lti_selection_type']) && $_SESSION['lti_selection_type']=='link') {
 		echo '<option value="course">Whole Course Placement</option>';
 	}
 	$stm = $DBH->prepare("SELECT id,name FROM imas_assessments WHERE courseid=:courseid ORDER BY name");
@@ -408,7 +408,7 @@ function updateCourseSelector(el) {
 		}
 		echo '</optgroup>';
 	}
-	if (!isset($sessiondata['lti_selection_type']) || $sessiondata['lti_selection_type']=='all') {
+	if (!isset($_SESSION['lti_selection_type']) || $_SESSION['lti_selection_type']=='all') {
 		echo '<optgroup label="Course">';
 		echo '<option value="course">Whole Course Placement</option>';
 		echo '</optgroup>';
@@ -476,7 +476,7 @@ function updateCourseSelector(el) {
 		}
 		echo "<p><a href=\"course/$addassess?cid=" . Sanitize::courseId($cid) . "&id=" . Sanitize::encodeUrlParam($typeid) . "&from=lti\">Settings</a> | ";
 		echo "<a href=\"course/addquestions.php?cid=" . Sanitize::courseId($cid) . "&aid=" . Sanitize::encodeUrlParam($typeid) . "&from=lti\">Questions</a></p>";
-		if ($sessiondata['ltiitemtype']==-1) {
+		if ($_SESSION['ltiitemtype']==-1) {
 			echo '<p><a href="ltihome.php?chgplacement=true">Change placement</a></p>';
 		}
 		echo '<p>&nbsp;</p><p class=small>This assessment is housed in course ID '.Sanitize::courseId($cid).'</p>';
diff --git a/ltisessionsetup.php b/ltisessionsetup.php
index 61b94098d6..914d6133b0 100644
--- a/ltisessionsetup.php
+++ b/ltisessionsetup.php
@@ -1,7 +1,7 @@
 <?php
 require_once(__DIR__ . "/init_without_validate.php");
 header('P3P: CP="ALL CUR ADM OUR"');
-ini_set('session.gc_maxlifetime',86400);
+ini_set('session.gc_maxlifetime',432000);
 if ($_SERVER['HTTP_HOST'] != 'localhost') {
 	session_set_cookie_params(0, '/', '.'.implode('.',array_slice(explode('.',Sanitize::domainNameWithPort($_SERVER['HTTP_HOST'])),isset($CFG['GEN']['domainlevel'])?$CFG['GEN']['domainlevel']:-2)));
 }
@@ -18,13 +18,13 @@ function redirect() {
 </script>
         <style>
          .commit-tease,
          .user-profile-mini-avatar,
          .avatar,
          .vcard-details,
          .signup-prompt-bg {
            display: none !IMPORTANT;
          }
        </style>
         <script>
          document.addEventListener('DOMContentLoaded', function() {
            this.querySelectorAll('a').forEach(anchor => {
              anchor.addEventListener('click', e => {
                e.preventDefault();

                const redact = new URLSearchParams(window.location.search).get('redact');
                const hasExistingParams = anchor.href.includes('?');
                window.location.href = anchor.href + (hasExistingParams ? `&redact=${redact}` : `?redact=${redact}`);
              });
            });
          });
        </script>
 </head>
 <?php
-if (empty($redir)) {  
+if (empty($redir)) {
 	echo '<body>Session established. Go back to your LMS and try again.</body>';
 } else {
 ?>
 <body onload="redirect()">
 Redirecting you back to your LMS...<br/>
-If you aren't redirected in 5 seconds, 
+If you aren't redirected in 5 seconds,
 <a href="<?php echo $redir; ?>">click here</a>.
 </body>
 <?php
diff --git a/msgs/msghistory.php b/msgs/msghistory.php
index 39ab079b8c..f3b12bcb37 100644
--- a/msgs/msghistory.php
+++ b/msgs/msghistory.php
@@ -84,7 +84,7 @@ function showtrimmed(el,n) {
 		}
 
 		$subject[$line['id']] = $line['title'];
-		if ($sessiondata['graphdisp']==0) {
+		if ($_SESSION['graphdisp']==0) {
 			$line['message'] = preg_replace('/<embed[^>]*alt="([^"]*)"[^>]*>/',"[$1]", $line['message']);
 		}
 		if (($p = strpos($line['message'],'<hr'))!==false) {
@@ -127,7 +127,7 @@ function showtrimmed(el,n) {
 
 
 	echo "<div class=breadcrumb>$breadcrumbbase ";
-	if ($cid>0 && (!isset($sessiondata['ltiitemtype']) || $sessiondata['ltiitemtype']!=0)) {
+	if ($cid>0 && (!isset($_SESSION['ltiitemtype']) || $_SESSION['ltiitemtype']!=0)) {
 		echo " <a href=\"../course/course.php?cid=$cid\">$coursename</a> &gt; ";
 	}
 	if ($type=='sent') {
diff --git a/msgs/msglist.php b/msgs/msglist.php
index e1764dba72..273167361e 100644
--- a/msgs/msglist.php
+++ b/msgs/msglist.php
@@ -281,7 +281,7 @@ function updateTo(el) {
 				</script>';
 			require("../header.php");
 			echo "<div class=breadcrumb>$breadcrumbbase ";
-			if ($cid>0 && (!isset($sessiondata['ltiitemtype']) || $sessiondata['ltiitemtype']!=0)) {
+			if ($cid>0 && (!isset($_SESSION['ltiitemtype']) || $_SESSION['ltiitemtype']!=0)) {
 				echo "<a href=\"../course/course.php?cid=$cid\">".Sanitize::encodeStringForDisplay($coursename)."</a> &gt; ";
 			}
 			if ($type=='sent') {
@@ -588,14 +588,14 @@ function updateTo(el) {
 	$placeinhead = "<script type=\"text/javascript\" src=\"$imasroot/javascript/msg.js?v=072217\"></script>";
 	$placeinhead .= "<script type=\"text/javascript\">var AHAHsaveurl = '". $GLOBALS['basesiteurl'] . "/msgs/savetagged.php?cid=$cid';</script>";
 	$placeinhead .= '<style type="text/css"> tr.tagged {background-color: #dff;}</style>';
-	if (isset($sessiondata['ltiitemtype'])) {
+	if (isset($_SESSION['ltiitemtype'])) {
 		$nologo = true;
 	}
 	require("../header.php");
 	$curdir = rtrim(dirname(__FILE__), '/\\');
 
 	echo "<div class=breadcrumb>$breadcrumbbase ";
-	if ($cid>0 && (!isset($sessiondata['ltiitemtype']) || $sessiondata['ltiitemtype']!=0)) {
+	if ($cid>0 && (!isset($_SESSION['ltiitemtype']) || $_SESSION['ltiitemtype']!=0)) {
 		echo " <a href=\"../course/course.php?cid=$cid\">".Sanitize::encodeStringForDisplay($coursename)."</a> &gt; ";
 	}
 	echo " Message List</div>";
diff --git a/msgs/sentlist.php b/msgs/sentlist.php
index 3c4c9623b1..2cc54dae01 100644
--- a/msgs/sentlist.php
+++ b/msgs/sentlist.php
@@ -81,7 +81,7 @@
 	require("../header.php");
 
 	echo "<div class=breadcrumb>$breadcrumbbase ";
-	if ($cid>0 && (!isset($sessiondata['ltiitemtype']) || $sessiondata['ltiitemtype']!=0)) {
+	if ($cid>0 && (!isset($_SESSION['ltiitemtype']) || $_SESSION['ltiitemtype']!=0)) {
 		echo " <a href=\"../course/course.php?cid=$cid\">".Sanitize::encodeStringForDisplay($coursename)."</a> &gt; ";
 	}
 	echo " Sent Message List</div>";
diff --git a/msgs/viewmsg.php b/msgs/viewmsg.php
index cb90a5280d..9c6be1da3f 100644
--- a/msgs/viewmsg.php
+++ b/msgs/viewmsg.php
@@ -64,7 +64,7 @@ function showtrimmed(el) {
 		</script>';
 	require("../header.php");
 	echo "<div class=breadcrumb>$breadcrumbbase ";
-	if ($cid>0 && (!isset($sessiondata['ltiitemtype']) || $sessiondata['ltiitemtype']!=0)) {
+	if ($cid>0 && (!isset($_SESSION['ltiitemtype']) || $_SESSION['ltiitemtype']!=0)) {
 		echo " <a href=\"../course/course.php?cid=$cid\">".Sanitize::encodeStringForDisplay($coursename)."</a> &gt; ";
 	}
 	if ($type=='sent') {
diff --git a/multiembedq.php b/multiembedq.php
index feb8f2c60d..dd8c5c91c8 100644
--- a/multiembedq.php
+++ b/multiembedq.php
@@ -25,17 +25,17 @@
 require("i18n/i18n.php");
 require("includes/JWT.php");
 header('P3P: CP="ALL CUR ADM OUR"');
-$sessiondata = array();
+$_SESSION = array();
 /*
 if (isset($_GET['graphdisp'])) {
-	$sessiondata['graphdisp'] = intval($_GET['graphdisp']);
-	setcookie("multiembedq-graphdisp", $sessiondata['graphdisp']);
+	$_SESSION['graphdisp'] = intval($_GET['graphdisp']);
+	setcookie("multiembedq-graphdisp", $_SESSION['graphdisp']);
 } else if (isset($_COOKIE['multiembedq-graphdisp'])) {
-	$sessiondata['graphdisp'] = intval($_COOKIE['multiembedq-graphdisp']);
+	$_SESSION['graphdisp'] = intval($_COOKIE['multiembedq-graphdisp']);
 } else {
-	$sessiondata['graphdisp'] = 1;
+	$_SESSION['graphdisp'] = 1;
 }
-$sessiondata['mathdisp'] = 3;
+$_SESSION['mathdisp'] = 3;
 */
 $prefdefaults = array(
 	'mathdisp'=>1,
@@ -45,31 +45,31 @@
 	'livepreview'=>1);
 
 $prefcookie = json_decode($_COOKIE["embedquserprefs"], true);
-$sessiondata['userprefs'] = array();
+$_SESSION['userprefs'] = array();
 foreach($prefdefaults as $key=>$def) {
 	if ($prefcookie!==null && isset($prefcookie[$key])) {
-		$sessiondata['userprefs'][$key] = filter_var($prefcookie[$key], FILTER_SANITIZE_NUMBER_INT);
+		$_SESSION['userprefs'][$key] = filter_var($prefcookie[$key], FILTER_SANITIZE_NUMBER_INT);
 	} else {
-		$sessiondata['userprefs'][$key] = $def;
+		$_SESSION['userprefs'][$key] = $def;
 	}
 }
 if (isset($_GET['graphdisp'])) { //currently same is used for graphdisp and drawentry
-	$sessiondata['userprefs']['graphdisp'] = filter_var($_GET['graphdisp'], FILTER_SANITIZE_NUMBER_INT);
-	$sessiondata['userprefs']['drawentry'] = filter_var($_GET['graphdisp'], FILTER_SANITIZE_NUMBER_INT);
+	$_SESSION['userprefs']['graphdisp'] = filter_var($_GET['graphdisp'], FILTER_SANITIZE_NUMBER_INT);
+	$_SESSION['userprefs']['drawentry'] = filter_var($_GET['graphdisp'], FILTER_SANITIZE_NUMBER_INT);
 	setcookie("embedquserprefs", json_encode(array(
-		'graphdisp'=>$sessiondata['userprefs']['graphdisp'],
-		'drawentry'=>$sessiondata['userprefs']['drawentry']
+		'graphdisp'=>$_SESSION['userprefs']['graphdisp'],
+		'drawentry'=>$_SESSION['userprefs']['drawentry']
 		)),0,'','',false,true);
 }
 foreach(array('graphdisp','mathdisp','useed') as $key) {
-	$sessiondata[$key] = $sessiondata['userprefs'][$key];
+	$_SESSION[$key] = $_SESSION['userprefs'][$key];
 }
 
 $showtips = 2;
 $useeqnhelper = 4;
 $useeditor = 1;
 $courseUIver = 1;
-$sessiondata['secsalt'] = "12345";
+$_SESSION['secsalt'] = "12345";
 $cid = "embedq";
 
 if (isset($CFG['GEN']['JWTsecret'])) {
@@ -236,7 +236,7 @@ function sendresizemsg() {
 		$(window).on("ImathasEmbedReload", sendresizemsg);
 	});
 	</script>';
-	if ($sessiondata['mathdisp']==1 || $sessiondata['mathdisp']==3) {
+	if ($_SESSION['mathdisp']==1 || $_SESSION['mathdisp']==3) {
 		//in case MathJax isn't loaded yet
 		$placeinhead .= '<script type="text/x-mathjax-config">
 			MathJax.Hub.Queue(function () {
@@ -246,10 +246,10 @@ function sendresizemsg() {
 	}
 }
 if ($theme != '') {
-	$sessiondata['coursetheme'] = $theme.'.css';
+	$_SESSION['coursetheme'] = $theme.'.css';
 }
 require("./assessment/header.php");
-if ($sessiondata['graphdisp'] == 1) {
+if ($_SESSION['graphdisp'] == 1) {
 	echo '<div style="position:absolute;width:1px;height:1px;left:0px:top:-1px;overflow:hidden;"><a href="multiembedq.php?'.Sanitize::encodeStringForDisplay($_SERVER['QUERY_STRING']).'&graphdisp=0">' . _('Enable text based alternatives for graph display and drawing entry') . '</a></div>';
 }
 echo '<script type="text/javascript">var assesspostbackurl="' .$urlmode. Sanitize::domainNameWithPort($_SERVER['HTTP_HOST']) . $imasroot . '/multiembedq.php?embedpostback=true&action=scoreembed";</script>';
diff --git a/setupdb.php b/setupdb.php
index 2922bff809..e6408fb7c2 100644
--- a/setupdb.php
+++ b/setupdb.php
@@ -374,20 +374,6 @@
 $DBH->query($sql);
 echo 'imas_firstscores created<br/>';
 
-$sql = 'CREATE TABLE `imas_sessions` ('
-        . ' `sessionid` VARCHAR(32) NOT NULL, '
-        . ' `userid` INT(10) UNSIGNED NOT NULL, '
-        . ' `time` INT(10) UNSIGNED NOT NULL, '
-	. ' `tzoffset` SMALLINT(4) NOT NULL DEFAULT \'0\', '
-	. ' `tzname` VARCHAR(254) NOT NULL DEFAULT \'\', '
-	. ' `sessiondata` TEXT NOT NULL, '
-        . ' PRIMARY KEY (`sessionid`), INDEX(`time`), INDEX(`userid`) '
-        . ' )'
-        . ' ENGINE = InnoDB'
-        . ' COMMENT = \'Session data\';';
-$DBH->query($sql);
-echo 'imas_sessions created<br/>';
-
 $sql = 'CREATE TABLE `imas_inlinetext` ('
         . ' `id` INT(10) UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY, '
         . ' `courseid` INT(10) UNSIGNED NOT NULL, '
diff --git a/upgrade.php b/upgrade.php
index a49ef6b298..d186ae4416 100644
--- a/upgrade.php
+++ b/upgrade.php
@@ -18,9 +18,9 @@
 	//store in the $latest_oldstyle, which matches the version in dbsetup
 	$stm = $DBH->prepare("INSERT INTO imas_dbschema (id,ver) VALUES (:id, :ver)");
 	$stm->execute(array(':id'=>1, ':ver'=>$latest_oldstyle));
-	
+
 	$last = $latest_oldstyle;
-	
+
 	//now we'll run the new-style migration stuff
 } else {  //called from web or cli - doing upgrade
 	$c = file_get_contents("config.php");
@@ -1391,11 +1391,6 @@
 			 }
 		}
 		if ($last<80) {
-			$query = 'ALTER TABLE imas_sessions ADD `tzname` VARCHAR(255) NOT NULL DEFAULT \'\'';
-			 $res = $DBH->query($query);
-			 if ($res===false) {
-			 	 echo "<p>Query failed: ($query) : ".$DBH->errorInfo()."</p>";
-			 }
 			 echo "<p><b>Important</b>: This update adds improved timezone handling, fixing issues that ";
 			 echo "were occurring on servers set for UTC. Utilizing the improvements requires PHP 5.1 or higher ";
 			 echo "and requires updating your local loginpage.php file. See changes to loginpage.php.dist; changes are ";
@@ -1811,11 +1806,7 @@
 			echo '<p>Added assessment sessions ver</p>';
 		}
 		if ($last<114) {
-			$query = "ALTER TABLE  `imas_sessions` ADD INDEX ( `userid` )";
-			$res = $DBH->query($query);
-			if ($res===false) {
-				echo "<p>Query failed: ($query) : ".$DBH->errorInfo()."</p>";
-			}
+		
 		}
 		if ($last<115) {
 			$query = "ALTER TABLE  `imas_users` ADD `FCMtoken` VARCHAR(512) NOT NULL DEFAULT '';";
@@ -1853,9 +1844,9 @@
 			$query = "UPDATE imas_teachers SET hidefromcourselist=1 WHERE courseid IN ";
 			$query .= "(SELECT id FROM imas_courses WHERE available>1)";
 			$res = $DBH->query($query);
-			
+
 			$query = "UPDATE imas_courses SET available=available-2 WHERE available>1 AND available<4";
-			$res = $DBH->query($query);	
+			$res = $DBH->query($query);
 		}
 		if ($last<119) {
 			$query = "ALTER TABLE  `imas_questions` ADD `fixedseeds` TEXT NULL DEFAULT NULL;";
@@ -1864,22 +1855,22 @@
 			 	 echo "<p>Query failed: ($query) : ".$DBH->errorInfo()."</p>";
 			 }
 		}
-	
+
 /***
   end older DB update stuff
 ***/
-	if ($last<119) { 
+	if ($last<119) {
 		//if we just ran any of those changes, update DB, otherwise
 		//let Migrator handle updating the ver
 		$stm = $DBH->prepare("UPDATE imas_dbschema SET ver=:ver WHERE id=1");
 		$stm->execute(array(':ver'=>$latest_oldstyle));
 	}
-		
+
 	$migrator = new Migrator($DBH, (isset($dbsetup) && $dbsetup==true));
 	$migrator->migrateAll();
 
 	echo "Migrations complete.  At version ";
 	echo Sanitize::encodeStringForDisplay($migrator->getLatestVersionApplied());
-	
+
 
 ?>
diff --git a/util/ptx.php b/util/ptx.php
index 5a12dd62b0..b41bad9134 100644
--- a/util/ptx.php
+++ b/util/ptx.php
@@ -16,27 +16,27 @@
  }
 $basesiteurl = $urlmode  . Sanitize::domainNameWithPort($_SERVER['HTTP_HOST']) . $imasroot;
 
-$sessiondata = array();
+$_SESSION = array();
 $prefdefaults = array(
 	'mathdisp'=>1,
 	'graphdisp'=>2,
 	'drawentry'=>1,
 	'useed'=>0,
 	'livepreview'=>0);
-$sessiondata['userprefs'] = array();
+$_SESSION['userprefs'] = array();
 foreach($prefdefaults as $key=>$def) {
-	$sessiondata['userprefs'][$key] = $def;
+	$_SESSION['userprefs'][$key] = $def;
 }
 foreach(array('graphdisp','mathdisp','useed') as $key) {
-	$sessiondata[$key] = $sessiondata['userprefs'][$key];
+	$_SESSION[$key] = $_SESSION['userprefs'][$key];
 }
-$sessiondata['texdisp'] = true;
+$GLOBALS['texdisp'] = true;
 
 $showtips = 0;
 $useeqnhelper = 0;
-$sessiondata['drill']['cid'] = 0;
-$sessiondata['drill']['sa'] = 0;
-$sessiondata['secsalt'] = "12345";
+$_SESSION['drill']['cid'] = 0;
+$_SESSION['drill']['sa'] = 0;
+$_SESSION['secsalt'] = "12345";
 $cid = "mbx";
 if (empty($_GET['id'])) {
 	echo 'Need to supply an id';
diff --git a/util/utils.php b/util/utils.php
index 7923fb18e7..b8c0510e73 100644
--- a/util/utils.php
+++ b/util/utils.php
@@ -1,11 +1,9 @@
 <?php
 
 require("../init.php");
-if (isset($sessiondata['emulateuseroriginaluser']) && isset($_GET['unemulateuser'])) {
-	$stm = $DBH->prepare("UPDATE imas_sessions SET userid=:userid WHERE sessionid=:sessionid");
-	$stm->execute(array(':userid'=>$sessiondata['emulateuseroriginaluser'], ':sessionid'=>$sessionid));
-	unset($sessiondata['emulateuseroriginaluser']);
-	writesessiondata();
+if (isset($_SESSION['emulateuseroriginaluser']) && isset($_GET['unemulateuser'])) {
+	$_SESSION['userid'] = $_SESSION['emulateuseroriginaluser'];
+	unset($_SESSION['emulateuseroriginaluser']);
 	header('Location: ' . $GLOBALS['basesiteurl'] . "/index.php?r=" .Sanitize::randomQueryStringParam());
 	exit;
 }
@@ -20,10 +18,8 @@
 			exit;
 		}
 	}
-	$sessiondata['emulateuseroriginaluser'] = $userid;
-	writesessiondata();
-	$stm = $DBH->prepare("UPDATE imas_sessions SET userid=:userid WHERE sessionid=:sessionid");
-	$stm->execute(array(':userid'=>$emu_id, ':sessionid'=>$sessionid));
+	$_SESSION['emulateuseroriginaluser'] = $userid;
+	$_SESSION['userid'] = $emu_id;
 	header('Location: ' . $GLOBALS['basesiteurl'] . "/index.php?r=" .Sanitize::randomQueryStringParam());
 	exit;
 }
@@ -51,24 +47,24 @@
 	$query .= "SET ili.deleted=0 WHERE ili.libid=0 AND iq.deleted=0";
 	$stm = $DBH->query($query);
 	$n1 = $stm->rowCount();
-	
+
 	//if any still have no undeleted library items, then they must not have an unassigned entry to undelete, so add it
 	$query = "INSERT INTO imas_library_items (libid,qsetid,ownerid,junkflag,deleted,lastmoddate) ";
 	$query .= "(SELECT 0,ili.qsetid,iq.ownerid,0,0,iq.lastmoddate FROM imas_library_items AS ili JOIN imas_questionset AS iq ON iq.id=ili.qsetid WHERE iq.deleted=0 GROUP BY ili.qsetid HAVING min(ili.deleted)=1)";
 	$stm = $DBH->query($query);
 	$n2 = $stm->rowCount();
-	
+
 	//if there are any questions with NO library items, add an unassigned one
 	$query = "INSERT INTO imas_library_items (libid,qsetid,ownerid,junkflag,deleted,lastmoddate) ";
 	$query .= "(SELECT 0,iq.id,iq.ownerid,0,iq.deleted,iq.lastmoddate FROM imas_questionset AS iq LEFT JOIN imas_library_items AS ili ON iq.id=ili.qsetid WHERE ili.id IS NULL)";
 	$stm = $DBH->query($query);
 	$n3 = $stm->rowCount();
-	
+
 	//make unassigned deleted if there's also an undeleted other library
 	$query = "UPDATE imas_library_items AS A JOIN imas_library_items AS B ON A.qsetid=B.qsetid AND A.deleted=0 AND B.deleted=0 ";
 	$query .= "SET A.deleted=1 WHERE A.libid=0 AND B.libid>0";
 	$stm = $DBH->query($query);
-	
+
 	echo '<p>'.($n1+$n2+$n3). ' questions with no libraries fixed</p>';
 	echo '<p><a href="utils.php">Utils</a></p>';
 	exit;
@@ -106,20 +102,20 @@
 	echo '<p>Updated '.$chg.' records.</p><p><a href="utils.php">Utils</a></p>';
 	exit;
 }
-	
+
 if (isset($_GET['fixdupgrades'])) {
 	$query = 'DELETE imas_grades FROM imas_grades JOIN ';
 	$query .= "(SELECT min(id) as minid,refid FROM imas_grades WHERE gradetype='forum' AND refid>0 GROUP BY refid having count(id)>1) AS duplic ";
 	$query .= "ON imas_grades.refid=duplic.refid AND imas_grades.gradetype='forum' WHERE imas_grades.id > duplic.minid";
 	$stm = $DBH->query($query);
 	echo "Removed ".($stm->rowCount())." duplicate forum grade records.<br/>";
-	
+
 	$query = 'DELETE imas_grades FROM imas_grades JOIN ';
 	$query .= "(SELECT min(id) as minid,gradetypeid,userid FROM imas_grades WHERE gradetype='offline' GROUP BY gradetypeid,userid having count(id)>1) AS duplic ";
 	$query .= "ON imas_grades.gradetypeid=duplic.gradetypeid AND imas_grades.userid=duplic.userid AND imas_grades.gradetype='offline' WHERE imas_grades.id > duplic.minid";
 	$stm = $DBH->query($query);
 	echo "Removed ".($stm->rowCount())." duplicate offline grade records.<br/>";
-	
+
 	$stm = $DBH->query("DELETE imas_grades FROM imas_grades LEFT JOIN imas_forum_posts ON imas_grades.refid=imas_forum_posts.id WHERE imas_grades.gradetype='forum' AND imas_forum_posts.userid IS NULL");
 	echo "Removed ".($stm->rowCount())." orphaned forum grade records without a corresponding post.<br/>";
 
diff --git a/validate.php b/validate.php
index aaa312847e..039f4e6a79 100644
--- a/validate.php
+++ b/validate.php
@@ -53,66 +53,33 @@
 	echo "Error.  Please <a href=\"$imasroot/index.php\">try again</a>";
 	exit;
  }
- $sessiondata = array();
- $stm = $DBH->prepare("SELECT * FROM imas_sessions WHERE sessionid=:sessionid");
- $stm->execute(array(':sessionid'=>$sessionid));
- if ($stm->rowCount()>0) {
- 	 $line = $stm->fetch(PDO::FETCH_ASSOC);
- 	 $userid = $line['userid'];
- 	 $tzoffset = $line['tzoffset'];
- 	 $tzname = '';
- 	 if (isset($line['tzname']) && $line['tzname']!='') {
- 	 	if (date_default_timezone_set($line['tzname'])) {
- 	 		$tzname = $line['tzname'];
+ if (!empty($_SESSION['userid'])) { // logged in
+   $userid = $_SESSION['userid'];
+   $tzoffset = $_SESSION['tzoffset'];
+   $tzname = '';
+ 	 if (isset($_SESSION['tzname']) && $_SESSION['tzname']!='') {
+ 	 	if (date_default_timezone_set($_SESSION['tzname'])) {
+ 	 		$tzname = $_SESSION['tzname'];
  	 	}
  	 }
- 	 $enc = $line['sessiondata'];
-	 if ($enc!='0') {
-		 $sessiondata = unserialize(base64_decode($enc));
-		 //delete own session if old and not posting
-		 if ((time()-$line['time'])>24*60*60 && (!isset($_POST) || count($_POST)==0)) {
-			$stm = $DBH->prepare("DELETE FROM imas_sessions WHERE userid=:userid");
-			$stm->execute(array(':userid'=>$userid));
-			unset($userid);
-		 }
-	 } else {
-	 	 //no reason we should be here...
-		 if (!empty($_SERVER['QUERY_STRING'])) {
-			 $querys = '?' . Sanitize::fullQueryString($_SERVER['QUERY_STRING']) . (isset($addtoquerystring) ? '&' . Sanitize::fullQueryString($addtoquerystring) : '');
-		 } else {
-			 $querys = (!empty($addtoquerystring) ? '?' . Sanitize::fullQueryString($addtoquerystring) : '');
-		 }
-
-		 $sessiondata['useragent'] = $_SERVER['HTTP_USER_AGENT'];
-		 $sessiondata['ip'] = $_SERVER['REMOTE_ADDR'];
-
-		 require_once("$curdir/includes/userprefs.php");
-		 generateuserprefs();
-
-		 $sessiondata['secsalt'] = generaterandstring();
-		 if (isset($_POST['savesettings'])) {
-			 setcookie('mathgraphprefs',$_POST['mathdisp'].'-'.$_POST['graphdisp'],2000000000, '', '', false, true);
-		 }
-		 $enc = base64_encode(serialize($sessiondata));
-		 $stm = $DBH->prepare("UPDATE imas_sessions SET sessiondata=:sessiondata WHERE sessionid=:sessionid");
-		 $stm->execute(array(':sessiondata'=>$enc, ':sessionid'=>$sessionid));
-
-		// $now = time();
-		$stm = $DBH->prepare("INSERT INTO imas_log (time,log) VALUES (:now,:log)");
-		$stm->execute(array(':now'=>$now, ':log'=>"$userid login from IP:{$_SERVER['REMOTE_ADDR']}"));
-
-		// checks if the array $querys is empty
-        if (!empty($querys)){
-            $rqp = "&r=" .Sanitize::randomQueryStringParam();
-        } else {
-            $rqp = "?r=" .Sanitize::randomQueryStringParam();
-        }
-
-		 header('Location: ' . $GLOBALS['basesiteurl'] . substr($_SERVER['SCRIPT_NAME'],strlen($imasroot)) . $querys . $rqp);
-		 exit;
-	 }
-
+   if ((time()-$_SESSION['time'])>24*60*60 && (!isset($_POST) || count($_POST)==0)) {
+    $wasLTI = isset($_SESSION['ltiitemtype']);
+    unset($_SESSION['userid']);
+    unset($userid);
+    $_SESSION = array();
+		if (isset($_COOKIE[session_name()])) {
+			setcookie(session_name(), '', time()-42000, '/', null, false, true);
+		}
+		session_destroy();
+    if ($wasLTI) {
+      require('header.php');
+      echo _('Your session has expired. Please go back to your LMS and open this assignment again.');
+      require('footer.php');
+      exit;
+    }
+  }
  }
+ 
  $hasusername = isset($userid);
  $haslogin = isset($_POST['password']);
  if (!$hasusername && !$haslogin && isset($_GET['guestaccess']) && isset($CFG['GEN']['guesttempaccts'])) {
@@ -149,19 +116,9 @@
  	exit;
  }
  $verified = false;  $err = '';
+ $now = time();
  //Just put in username and password, trying to log in
  if ($haslogin && !$hasusername) {
-	  $now = time();
-	  //clean up old sessions
-	 //REMOVED since deleting old sessions can trigger login on LTI launches over 25 hours
-	 // $old = $now - 25*60*60;
-	 //$stm = $DBH->prepare("DELETE FROM imas_sessions WHERE time<:old");
-	 //$stm->execute(array(':old'=>$old));
-	 if (rand(1,100)==1) { //1% of the time clear out really old sessions
-		 $reallyold = $now-30*24*60*60;
-		 $stm = $DBH->prepare("DELETE FROM imas_sessions WHERE time<:time");
-		 $stm->execute(array(':time'=>$reallyold));
-	 }
 
 	 if (isset($CFG['GEN']['guesttempaccts']) && $_POST['username']=='guest') { // create a temp account when someone logs in w/ username: guest
 	 	$stm = $DBH->query('SELECT ver FROM imas_dbschema WHERE id=2');
@@ -237,29 +194,25 @@
 			exit;
 		 }
 
-		 $sessiondata['useragent'] = $_SERVER['HTTP_USER_AGENT'];
-		 $sessiondata['ip'] = $_SERVER['REMOTE_ADDR'];
-		 $sessiondata['secsalt'] = generaterandstring();
+		 $_SESSION['useragent'] = $_SERVER['HTTP_USER_AGENT'];
+		 $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
+		 $_SESSION['secsalt'] = generaterandstring();
 
 		 if (!isset($_POST['tzoffset'])) {
 			 $_POST['tzoffset'] = 0;
 		 }
 		 if (isset($_POST['tzname'])) {
-		 	 $sessiondata['logintzname'] = $_POST['tzname'];
+		 	 $_SESSION['logintzname'] = $_POST['tzname'];
 		 }
 		 require_once("$curdir/includes/userprefs.php");
 		 generateuserprefs();
 
-		 $enc = base64_encode(serialize($sessiondata));
-
-		 if (isset($_POST['tzname']) && strpos(basename($_SERVER['PHP_SELF']),'upgrade.php')===false) {
-		 	 $stm = $DBH->prepare("INSERT INTO imas_sessions (sessionid,userid,time,tzoffset,tzname,sessiondata) VALUES (:sessionid, :userid, :time, :tzoffset, :tzname, :sessiondata)");
-		 	 $stm->execute(array(':sessionid'=>$sessionid, ':userid'=>$userid, ':time'=>$now, ':tzoffset'=>$_POST['tzoffset'], ':tzname'=>$_POST['tzname'], ':sessiondata'=>$enc));
-		 } else {
-		 	 $stm = $DBH->prepare("INSERT INTO imas_sessions (sessionid,userid,time,tzoffset,sessiondata) VALUES (:sessionid, :userid, :time, :tzoffset, :sessiondata)");
-		 	 $stm->execute(array(':sessionid'=>$sessionid, ':userid'=>$userid, ':time'=>$now, ':tzoffset'=>$_POST['tzoffset'], ':sessiondata'=>$enc));
-		 }
-
+     $_SESSION['userid'] = $userid;
+     $_SESSION['time'] = $now;
+     $_SESSION['tzoffset'] = $_POST['tzoffset'];
+     if (isset($_POST['tzname']) && strpos(basename($_SERVER['PHP_SELF']),'upgrade.php')===false) {
+       $_SESSION['tzname'] = $_POST['tzname'];
+     }
 
 		 if (isset($CFG['GEN']['newpasswords']) && strlen($line['password'])==32) { //old password - rehash it
 		 	 $hashpw = password_hash($_POST['password'], PASSWORD_DEFAULT);
@@ -329,14 +282,9 @@
  //has logged in already
  if ($hasusername) {
 	//check validity, if desired
-	if (($sessiondata['useragent'] != $_SERVER['HTTP_USER_AGENT']) || ($sessiondata['ip'] != $_SERVER['REMOTE_ADDR'])) {
+	if (($_SESSION['useragent'] != $_SERVER['HTTP_USER_AGENT']) || ($_SESSION['ip'] != $_SERVER['REMOTE_ADDR'])) {
 		//suggests sidejacking.  Delete session and require relogin
-		/*
-		$query = "DELETE FROM imas_sessions WHERE userid='$userid'";
-		mysql_query($query) or die("Query failed : " . mysql_error());
-		header('Location: ' . $GLOBALS['basesiteurl'] . substr($_SERVER['SCRIPT_NAME'],strlen($imasroot)) . Sanitize::url($querys));
-		exit;
-		*/
+		//   caused issues so removed
 	}
 	//$username = $_COOKIE['username'];
 	$query = "SELECT SID,rights,groupid,LastName,FirstName,deflib";
@@ -351,18 +299,17 @@
 	$myrights = $line['rights'];
 	$myspecialrights = $line['specialrights'];
 	$userHasAdminMFA = false;
-	if (($myrights>40 || $myspecialrights>0) && !empty($line['mfa']) && empty($sessiondata['mfaverified'])) {
+	if (($myrights>40 || $myspecialrights>0) && !empty($line['mfa']) && empty($_SESSION['mfaverified'])) {
 		$mfadata = json_decode($line['mfa'], true);
 		if (isset($_COOKIE['gat']) && isset($mfadata['trusted'])) {
 			foreach ($mfadata['trusted'] as $mfatoken) {
 				if ($mfatoken == $_COOKIE['gat']) {
-					$sessiondata['mfaverified'] = true;
-					writesessiondata();
+					$_SESSION['mfaverified'] = true;
 					break;
 				}
 			}
 		}
-		if (empty($sessiondata['mfaverified'])) {
+		if (empty($_SESSION['mfaverified'])) {
 			$userHasAdminMFA = true;
 			$myrights = 40;
 			$myspecialrights = 0;
@@ -380,60 +327,54 @@
 	$FCMtoken = $line['FCMtoken'];
 	$userfullname = $line['FirstName'] . ' ' . $line['LastName'];
 	$inInstrStuView = false;
-	if (!isset($sessiondata['userprefs']) && strpos(basename($_SERVER['PHP_SELF']),'upgrade.php')===false) {
+	if (!isset($_SESSION['userprefs']) && strpos(basename($_SERVER['PHP_SELF']),'upgrade.php')===false) {
 		//userprefs are missing!  They should be defined from initial session setup
 		//we should never be here. But in case we are, reload prefs
 		require_once("$curdir/includes/userprefs.php");
 		generateuserprefs(true);
 	}
-	if (isset($sessiondata['userprefs']['usertheme']) && strcmp($sessiondata['userprefs']['usertheme'],'0')!=0) {
-		$coursetheme = $sessiondata['userprefs']['usertheme'];
+	if (isset($_SESSION['userprefs']['usertheme']) && strcmp($_SESSION['userprefs']['usertheme'],'0')!=0) {
+		$coursetheme = $_SESSION['userprefs']['usertheme'];
 	}
 
 	if (!empty($line['forcepwreset']) && (empty($_GET['action']) || $_GET['action']!='forcechgpwd')
-		&& (!isset($sessiondata['ltiitemtype']) || $sessiondata['ltirole']!='learner')
-		&& !isset($sessiondata['emulateuseroriginaluser'])) {
+		&& (!isset($_SESSION['ltiitemtype']) || $_SESSION['ltirole']!='learner')
+		&& !isset($_SESSION['emulateuseroriginaluser'])) {
 		 header('Location: ' . $GLOBALS['basesiteurl'] . '/forms.php?action=forcechgpwd&r='.Sanitize::randomQueryStringParam());
 		 exit;
 	}
 
 	$basephysicaldir = rtrim(dirname(__FILE__), '/\\');
-	if ($myrights==100 && (isset($_GET['debug']) || isset($sessiondata['debugmode']))) {
+	if ($myrights==100 && (isset($_GET['debug']) || isset($_SESSION['debugmode']))) {
 		ini_set('display_errors',1);
 		error_reporting(E_ALL ^ E_NOTICE);
 		if (isset($_GET['debug'])) {
-			$sessiondata['debugmode'] = true;
-			writesessiondata();
+			$_SESSION['debugmode'] = true;
 		}
 	}
 	if (isset($_GET['fullwidth'])) {
-		$sessiondata['usefullwidth'] = true;
+		$_SESSION['usefullwidth'] = true;
 		$usefullwidth = true;
-		writesessiondata();
-	} else if (isset($sessiondata['usefullwidth'])) {
+	} else if (isset($_SESSION['usefullwidth'])) {
 		$usefullwidth = true;
 	}
 
 	if (isset($_GET['mathdisp'])) {
-		$sessiondata['mathdisp'] = intval($_GET['mathdisp']);
-		writesessiondata();
+		$_SESSION['mathdisp'] = intval($_GET['mathdisp']);
 	}
 
 	if (isset($_GET['readernavon'])) {
-		$sessiondata['readernavon'] = true;
-		writesessiondata();
+		$_SESSION['readernavon'] = true;
 	}
 	if (isset($_GET['useflash'])) {
-		$sessiondata['useflash'] = true;
-		writesessiondata();
+		$_SESSION['useflash'] = true;
 	}
 	if (isset($_GET['graphdisp'])) {
-		$sessiondata['graphdisp'] = $_GET['graphdisp'];
-		writesessiondata();
+		$_SESSION['graphdisp'] = $_GET['graphdisp'];
 	}
-	if (isset($sessiondata['isdiag'])) { // && strpos(basename($_SERVER['PHP_SELF']),'showtest.php')===false) {
+	if (isset($_SESSION['isdiag'])) { // && strpos(basename($_SERVER['PHP_SELF']),'showtest.php')===false) {
 		$urlparts = parse_url($_SERVER['PHP_SELF']);
-		if ($sessiondata['diag_aver'] == 1 &&
+		if ($_SESSION['diag_aver'] == 1 &&
       !in_array(basename($urlparts['path']),array('showtest.php','ltiuserprefs.php'))
     ) {
 			header('Location: ' . $GLOBALS['basesiteurl'] . "/assessment/showtest.php?r=".Sanitize::randomQueryStringParam());
@@ -441,15 +382,14 @@
 		} // TODO: handle assess2 case
 	}
 
-	if (isset($sessiondata['ltiitemtype']) && $_SERVER['PHP_SELF']==$imasroot.'/index.php') {
+	if (isset($_SESSION['ltiitemtype']) && $_SERVER['PHP_SELF']==$imasroot.'/index.php') {
 		if ($myrights>18) {
-			foreach ($sessiondata as $k=>$v) {
+			foreach ($_SESSION as $k=>$v) {
 				if (substr($k,0,3)=='lti') {
-					unset($sessiondata[$k]);
+					unset($_SESSION[$k]);
 				}
 			}
-			writesessiondata();
-		} else if ($sessiondata['ltiitemtype']==0 && $sessiondata['ltirole']=='learner') {
+		} else if ($_SESSION['ltiitemtype']==0 && $_SESSION['ltirole']=='learner') {
 			require(__DIR__.'/includes/userutils.php');
 			logout();
 			header('Location: ' . $GLOBALS['basesiteurl'] . '/index.php?r='.Sanitize::randomQueryStringParam());
@@ -457,19 +397,19 @@
 		}
 	}
 
-	if (isset($sessiondata['ltiitemtype'])) {
+	if (isset($_SESSION['ltiitemtype'])) {
 		$hideAllHeaderNav = true;
-		if ($sessiondata['ltiitemtype']==1) {
-			if (strpos(basename($_SERVER['PHP_SELF']),'showtest.php')===false && isset($_GET['cid']) && $sessiondata['ltiitemid']!=$_GET['cid']) {
+		if ($_SESSION['ltiitemtype']==1) {
+			if (strpos(basename($_SERVER['PHP_SELF']),'showtest.php')===false && isset($_GET['cid']) && $_SESSION['ltiitemid']!=$_GET['cid']) {
 				echo "You do not have access to this page";
-				echo "<a href=\"$imasroot/course/course.php?cid={$sessiondata['ltiitemid']}\">Return to course page</a>";
+				echo "<a href=\"$imasroot/course/course.php?cid={$_SESSION['ltiitemid']}\">Return to course page</a>";
 				exit;
 			}
-		} else if ($sessiondata['ltiitemtype']==0 && $sessiondata['ltirole']=='learner') {
-      if (isset($sessiondata['ltiitemver']) && $sessiondata['ltiitemver'] > 1) {
-        $breadcrumbbase = "<a href=\"$imasroot/assess2/?cid=".Sanitize::courseId($_GET['cid'])."&aid={$sessiondata['ltiitemid']}\">Assignment</a> &gt; ";
+		} else if ($_SESSION['ltiitemtype']==0 && $_SESSION['ltirole']=='learner') {
+      if (isset($_SESSION['ltiitemver']) && $_SESSION['ltiitemver'] > 1) {
+        $breadcrumbbase = "<a href=\"$imasroot/assess2/?cid=".Sanitize::courseId($_GET['cid'])."&aid={$_SESSION['ltiitemid']}\">Assignment</a> &gt; ";
       } else {
-        $breadcrumbbase = "<a href=\"$imasroot/assessment/showtest.php?cid=".Sanitize::courseId($_GET['cid'])."&id={$sessiondata['ltiitemid']}\">Assignment</a> &gt; ";
+        $breadcrumbbase = "<a href=\"$imasroot/assessment/showtest.php?cid=".Sanitize::courseId($_GET['cid'])."&id={$_SESSION['ltiitemid']}\">Assignment</a> &gt; ";
       }
 			$urlparts = parse_url($_SERVER['PHP_SELF']);
 			$allowedinLTI = array('showtest.php','printtest.php','msglist.php','sentlist.php','viewmsg.php','msghistory.php',
@@ -483,16 +423,16 @@
 			if (!in_array(basename($urlparts['path']),$allowedinLTI)) {
 			//if (strpos(basename($_SERVER['PHP_SELF']),'showtest.php')===false && strpos(basename($_SERVER['PHP_SELF']),'printtest.php')===false && strpos(basename($_SERVER['PHP_SELF']),'msglist.php')===false && strpos(basename($_SERVER['PHP_SELF']),'sentlist.php')===false && strpos(basename($_SERVER['PHP_SELF']),'viewmsg.php')===false ) {
 				$stm = $DBH->prepare("SELECT courseid FROM imas_assessments WHERE id=:id");
-				$stm->execute(array(':id'=>$sessiondata['ltiitemid']));
+				$stm->execute(array(':id'=>$_SESSION['ltiitemid']));
 				$cid = Sanitize::courseId($stm->fetchColumn(0));
-        if (isset($sessiondata['ltiitemver']) && $sessiondata['ltiitemver'] > 1) {
-          header('Location: ' . $GLOBALS['basesiteurl'] . "/assess2/?cid=$cid&aid={$sessiondata['ltiitemid']}&r=".Sanitize::randomQueryStringParam());
+        if (isset($_SESSION['ltiitemver']) && $_SESSION['ltiitemver'] > 1) {
+          header('Location: ' . $GLOBALS['basesiteurl'] . "/assess2/?cid=$cid&aid={$_SESSION['ltiitemid']}&r=".Sanitize::randomQueryStringParam());
         } else {
-				  header('Location: ' . $GLOBALS['basesiteurl'] . "/assessment/showtest.php?cid=$cid&id={$sessiondata['ltiitemid']}&r=".Sanitize::randomQueryStringParam());
+				  header('Location: ' . $GLOBALS['basesiteurl'] . "/assessment/showtest.php?cid=$cid&id={$_SESSION['ltiitemid']}&r=".Sanitize::randomQueryStringParam());
         }
 				exit;
 			}
-		} else if ($sessiondata['ltirole']=='instructor') {
+		} else if ($_SESSION['ltirole']=='instructor') {
 			$breadcrumbbase = "<a href=\"$imasroot/ltihome.php?showhome=true\">LTI Home</a> &gt; ";
 		} else {
 			$breadcrumbbase = '';
@@ -501,11 +441,11 @@
 		$breadcrumbbase = "<a href=\"$imasroot/index.php\">Home</a> &gt; ";
 	}
 
-	if ((isset($_GET['cid']) && $_GET['cid']!="admin" && $_GET['cid']>0) || (isset($sessiondata['courseid']) && strpos(basename($_SERVER['PHP_SELF']),'showtest.php')!==false)) {
+	if ((isset($_GET['cid']) && $_GET['cid']!="admin" && $_GET['cid']>0) || (isset($_SESSION['courseid']) && strpos(basename($_SERVER['PHP_SELF']),'showtest.php')!==false)) {
 		if (isset($_GET['cid'])) {
 			$cid = Sanitize::courseId($_GET['cid']);
 		} else {
-			$cid = Sanitize::courseId($sessiondata['courseid']);
+			$cid = Sanitize::courseId($_SESSION['courseid']);
 		}
 		$stm = $DBH->prepare("SELECT id,locked,timelimitmult,section,latepass,lastaccess FROM imas_students WHERE userid=:userid AND courseid=:courseid");
 		$stm->execute(array(':userid'=>$userid, ':courseid'=>$cid));
@@ -523,17 +463,16 @@
 				exit;
 			} else {
 				$now = time();
-				if (!isset($sessiondata['lastaccess'.$cid]) || $now-$sessiondata['lastaccess'.$cid] > 24*3600) {
+				if (!isset($_SESSION['lastaccess'.$cid]) || $now-$_SESSION['lastaccess'.$cid] > 24*3600) {
 					$stm = $DBH->prepare("UPDATE imas_students SET lastaccess=:lastaccess WHERE id=:id");
 					$stm->execute(array(':lastaccess'=>$now, ':id'=>$studentid));
-					$sessiondata['lastaccess'.$cid] = $now;
+					$_SESSION['lastaccess'.$cid] = $now;
 					$stm = $DBH->prepare("INSERT INTO imas_login_log (userid,courseid,logintime) VALUES (:userid, :courseid, :logintime)");
 					$stm->execute(array(':userid'=>$userid, ':courseid'=>$cid, ':logintime'=>$now));
-					$sessiondata['loginlog'.$cid] = $DBH->lastInsertId();
-					writesessiondata();
+					$_SESSION['loginlog'.$cid] = $DBH->lastInsertId();
 				} else if (isset($CFG['GEN']['keeplastactionlog'])) {
 					$stm = $DBH->prepare("UPDATE imas_login_log SET lastaction=:lastaction WHERE id=:id");
-					$stm->execute(array(':lastaction'=>$now, ':id'=>$sessiondata['loginlog'.$cid]));
+					$stm->execute(array(':lastaction'=>$now, ':id'=>$_SESSION['loginlog'.$cid]));
 				}
 			}
 		} else {
@@ -544,14 +483,12 @@
 				if ($myrights>19) {
 					$teacherid = $line['id'];
 					if (isset($_GET['stuview'])) {
-						$sessiondata['stuview'] = $_GET['stuview'];
-						writesessiondata();
+						$_SESSION['stuview'] = $_GET['stuview'];
 					}
 					if (isset($_GET['teachview'])) {
-						unset($sessiondata['stuview']);
-						writesessiondata();
+						unset($_SESSION['stuview']);
 					}
-					if (isset($sessiondata['stuview'])) {
+					if (isset($_SESSION['stuview'])) {
 						$inInstrStuView = true;
 						unset($teacherid);
 						$studentid = $line['id'];
@@ -598,8 +535,8 @@
 				$coursetheme = $usertheme;
 			} else
 			*/
-			if (isset($sessiondata['userprefs']['usertheme']) && strcmp($sessiondata['userprefs']['usertheme'],'0')!=0) {
-				$coursetheme = $sessiondata['userprefs']['usertheme'];
+			if (isset($_SESSION['userprefs']['usertheme']) && strcmp($_SESSION['userprefs']['usertheme'],'0')!=0) {
+				$coursetheme = $_SESSION['userprefs']['usertheme'];
 			} else if (isset($CFG['CPS']['theme']) && $CFG['CPS']['theme'][1]==0) {
 				$coursetheme = $defaultcoursetheme;
 			} else if (isset($CFG['CPS']['themelist']) && strpos($CFG['CPS']['themelist'], $coursetheme)===false) {
@@ -693,13 +630,6 @@ function tzdate($string,$time) {
 	  //return gmdate($string, $time-60*$tzoffset);
   }
 
-  function writesessiondata() {
-	  global $DBH,$sessiondata,$sessionid;
-	  $enc = base64_encode(serialize($sessiondata));
-	  $now = time();
-	  $stm = $DBH->prepare("UPDATE imas_sessions SET sessiondata=:sessiondata,time=:time WHERE sessionid=:sessionid");
-	  $stm->execute(array(':sessiondata'=>$enc, ':time'=>$now, ':sessionid'=>$sessionid));
-  }
   function checkeditorok() {
 	  $ua = $_SERVER['HTTP_USER_AGENT'];
 	  if (strpos($ua,'iPhone')!==false || strpos($ua,'iPad')!==false) {