diff --git includes/bootstrap.inc includes/bootstrap.inc
index 39a0cb3..7027fb3 100644
--- includes/bootstrap.inc
+++ includes/bootstrap.inc
@@ -577,8 +577,8 @@ function variable_init($conf = array(), $regenerate = FALSE, $recursion_depth =
// Wait for another request that is already doing this work.
lock_wait('variable_cache_regenerate');
- // Run the function again. Try a limited number of times to avoid
- // infinite recursion if the database connection is invalid for
+ // Run the function again. Try a limited number of times to avoid
+ // infinite recursion if the database connection is invalid for
// some reason, e.g., mysqld restart, loss of network, etc.
$recursion_depth++;
if ($recursion_depth < 50) {
@@ -650,7 +650,7 @@ function variable_set($name, $value) {
if (is_string($db_prefix) && strpos($db_prefix, 'simpletest') === 0) {
cache_clear_all('variables', 'cache');
}
-
+
variable_cache_rebuild();
}
@@ -679,7 +679,7 @@ function variable_del($name) {
if (is_string($db_prefix) && strpos($db_prefix, 'simpletest') === 0) {
cache_clear_all('variables', 'cache');
}
-
+
variable_cache_rebuild();
}
@@ -802,7 +802,7 @@ function drupal_set_header($name = NULL, $value = NULL, $append = FALSE) {
if (!isset($name)) {
return $headers;
}
-
+
// Support the Drupal 6 header API
if (!isset($value)) {
if (strpos($name, ':') !== FALSE) {
@@ -1412,7 +1412,7 @@ function drupal_bootstrap($phase = NULL) {
_drupal_bootstrap($current_phase);
}
}
-
+
return $phase_index;
}
@@ -1472,7 +1472,7 @@ function _drupal_bootstrap($phase) {
// those using APC or memcached.
require_once variable_get('lock_inc', './includes/lock.inc');
lock_init();
-
+
// Detect if an installation is present.
detect_installation_or_run_installer();
@@ -1523,11 +1523,11 @@ function _drupal_bootstrap($phase) {
// We are done.
exit;
}
-
+
if (!$cache && drupal_page_is_cacheable() && $cache_mode != CACHE_EXTERNAL) {
header('X-Drupal-Cache: MISS');
}
-
+
// If using an external cache and the page is cacheable, set headers.
if ($cache_mode == CACHE_EXTERNAL && drupal_page_is_cacheable()) {
drupal_page_cache_header_external();
@@ -1668,17 +1668,17 @@ function ip_address() {
if (!isset($ip_address)) {
$ip_address = $_SERVER['REMOTE_ADDR'];
-
+
// Only use parts of the X-Forwarded-For (XFF) header that have followed a trusted route.
// Specifically, identify the leftmost IP address in the XFF header that is not one of ours.
// An XFF header is: X-Forwarded-For: client1, proxy1, proxy2
if (isset($_SERVER['HTTP_' . variable_get('x_forwarded_for_header', 'X_FORWARDED_FOR')]) && variable_get('reverse_proxy', 0)) {
// Load trusted reverse proxy server IPs.
$reverse_proxy_addresses = variable_get('reverse_proxy_addresses', array());
-
+
// Turn XFF header into an array.
$forwarded = explode(',', $_SERVER['HTTP_' . variable_get('x_forwarded_for_header', 'X_FORWARDED_FOR')]);
-
+
// Trim the forwarded IPs; they may have been delimited by commas and spaces.
$forwarded = array_map('trim', $forwarded);
@@ -1687,7 +1687,7 @@ function ip_address() {
// Eliminate all trusted IPs.
$untrusted = array_diff($forwarded, $reverse_proxy_addresses);
-
+
// The right-most IP is the most specific we can trust.
$ip_address = array_pop($untrusted);
}
@@ -1697,141 +1697,6 @@ function ip_address() {
}
/**
- * Initialize the session handler, starting a session if needed.
- */
-function drupal_session_initialize() {
- global $user;
-
- session_set_save_handler('sess_open', 'sess_close', 'sess_read', 'sess_write', 'sess_destroy_sid', 'sess_gc');
-
- if (isset($_COOKIE[session_name()])) {
- // If a session cookie exists, initialize the session. Otherwise the
- // session is only started on demand in drupal_session_commit(), making
- // anonymous users not use a session cookie unless something is stored in
- // $_SESSION. This allows HTTP proxies to cache anonymous pageviews.
- drupal_session_start();
- if (!empty($user->uid) || !empty($_SESSION)) {
- drupal_page_is_cacheable(FALSE);
- }
- }
- else {
- // Set a session identifier for this request. This is necessary because
- // we lazyly start sessions at the end of this request, and some
- // processes (like drupal_get_token()) needs to know the future
- // session ID in advance.
- $user = drupal_anonymous_user();
- session_id(md5(uniqid('', TRUE)));
- }
-}
-
-/**
- * Forcefully start a session, preserving already set session data.
- */
-function drupal_session_start() {
- if (!drupal_session_started()) {
- // Save current session data before starting it, as PHP will destroy it.
- $session_data = isset($_SESSION) ? $_SESSION : NULL;
- session_start();
- drupal_session_started(TRUE);
- // Restore session data.
- if (!empty($session_data)) {
- $_SESSION += $session_data;
- }
- }
-}
-
-/**
- * Commit the current session, if necessary.
- *
- * If an anonymous user already has an empty session, destroy it.
- */
-function drupal_session_commit() {
- global $user;
-
- if (empty($user->uid) && empty($_SESSION)) {
- if (drupal_session_started() && drupal_save_session()) {
- // Destroy empty anonymous sessions.
- session_write_close();
- }
-}
-
-/**
- * Return whether a session has been started.
- */
-function drupal_session_started($set = NULL) {
- static $session_started = FALSE;
- if (isset($set)) {
- $session_started = $set;
- }
- return $session_started && session_id();
-}
-
-/**
- * Called when an anonymous user becomes authenticated or vice-versa.
- */
-function drupal_session_regenerate() {
- global $user;
-
- // Set the session cookie "httponly" flag to reduce the risk of session
- // stealing via XSS.
- extract(session_get_cookie_params());
-
- if (version_compare(PHP_VERSION, '5.2.0') === 1) {
- session_set_cookie_params($lifetime, $path, $domain, $secure, TRUE);
- }
- else {
- session_set_cookie_params($lifetime, $path, $domain, $secure);
- }
-
- if (drupal_session_started()) {
- $old_session_id = session_id();
- session_regenerate_id();
- }
- else {
- // Start the session when it doesn't exist yet.
- // Preserve the logged in user, as it will be reset to anonymous
- // by _sess_read.
- $account = $user;
- drupal_session_start();
- $user = $account;
- }
-
- if (isset($old_session_id)) {
- db_query("UPDATE {sessions} SET sid = '%s' WHERE sid = '%s'", session_id(), $old_session_id);
- }
-}
-
-/**
- * Determine whether to save session data of the current request.
- *
- * This function allows the caller to temporarily disable writing of
- * session data, should the request end while performing potentially
- * dangerous operations, such as manipulating the global $user object.
- * See http://drupal.org/node/218104 for usage.
- *
- * @param $status
- * Disables writing of session data when FALSE, (re-)enables
- * writing when TRUE.
- * @return
- * FALSE if writing session data has been disabled. Otherwise, TRUE.
- */
-function drupal_save_session($status = NULL) {
- static $save_session = TRUE;
- if (isset($status)) {
- $save_session = $status;
- }
- return $save_session;
-}
-
-/**
* Returns the current bootstrap phase for this Drupal process.
*
* The current phase is the one most recently completed by drupal_bootstrap().
@@ -1875,7 +1740,7 @@ function drupal_generate_test_ua($prefix) {
// check the HMAC before the database is initialized. filectime()
// and fileinode() are not easily determined from remote.
// $filepath = DRUPAL_ROOT . '/includes/bootstrap.inc';
- $filepath = './includes/bootstrap.inc';
+ $filepath = './includes/bootstrap.inc';
// $key = sha1(serialize($databases) . filectime($filepath) . fileinode($filepath), TRUE);
$key = sha1(serialize($db_url) . filectime($filepath) . fileinode($filepath), TRUE);
}
@@ -1903,7 +1768,7 @@ function drupal_is_cli() {
*/
function drupal_session_destroy() {
session_destroy();
-
+
// Workaround PHP 5.2 fatal error "Failed to initialize storage module".
// @see http://bugs.php.net/bug.php?id=32330
session_set_save_handler('sess_open', 'sess_close', 'sess_read', 'sess_write', 'sess_destroy_sid', 'sess_gc');
diff --git includes/session.inc includes/session.inc
index a94251d..3319fe7 100644
--- includes/session.inc
+++ includes/session.inc
@@ -139,7 +139,7 @@ function sess_destroy_sid($sid) {
setcookie(session_name(), '', $_SERVER['REQUEST_TIME'] - 3600, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
}
else {
- setcookie(session_name(), '', $_SERVER['REQUEST_TIME'] - 3600, $params['path'], $params['domain'], $params['secure']);
+ setcookie(session_name(), '', $_SERVER['REQUEST_TIME'] - 3600, $params['path'], $params['domain'], $params['secure']);
}
unset($_COOKIE[session_name()]);
}
@@ -173,3 +173,138 @@ function sess_gc($lifetime) {
function session_save_session($status = NULL) {
return drupal_save_session($status);
}
+
+/**
+ * Initialize the session handler, starting a session if needed.
+ */
+function drupal_session_initialize() {
+ global $user;
+
+ session_set_save_handler('sess_open', 'sess_close', 'sess_read', 'sess_write', 'sess_destroy_sid', 'sess_gc');
+
+ if (isset($_COOKIE[session_name()])) {
+ // If a session cookie exists, initialize the session. Otherwise the
+ // session is only started on demand in drupal_session_commit(), making
+ // anonymous users not use a session cookie unless something is stored in
+ // $_SESSION. This allows HTTP proxies to cache anonymous pageviews.
+ drupal_session_start();
+ if (!empty($user->uid) || !empty($_SESSION)) {
+ drupal_page_is_cacheable(FALSE);
+ }
+ }
+ else {
+ // Set a session identifier for this request. This is necessary because
+ // we lazyly start sessions at the end of this request, and some
+ // processes (like drupal_get_token()) needs to know the future
+ // session ID in advance.
+ $user = drupal_anonymous_user();
+ session_id(md5(uniqid('', TRUE)));
+ }
+}
+
+/**
+ * Forcefully start a session, preserving already set session data.
+ */
+function drupal_session_start() {
+ if (!drupal_session_started()) {
+ // Save current session data before starting it, as PHP will destroy it.
+ $session_data = isset($_SESSION) ? $_SESSION : NULL;
+ session_start();
+ drupal_session_started(TRUE);
+ // Restore session data.
+ if (!empty($session_data)) {
+ $_SESSION += $session_data;
+ }
+ }
+}
+
+/**
+ * Commit the current session, if necessary.
+ *
+ * If an anonymous user already has an empty session, destroy it.
+ */
+function drupal_session_commit() {
+ global $user;
+
+ if (empty($user->uid) && empty($_SESSION)) {
+ if (drupal_session_started() && drupal_save_session()) {
+ // Destroy empty anonymous sessions.
+ drupal_session_destroy();
+ }
+ }
+ else if (drupal_save_session()) {
+ if (!drupal_session_started()) {
+ drupal_session_start();
+ }
+ // Write the session data.
+ session_write_close();
+ }
+}
+
+/**
+ * Return whether a session has been started.
+ */
+function drupal_session_started($set = NULL) {
+ static $session_started = FALSE;
+ if (isset($set)) {
+ $session_started = $set;
+ }
+ return $session_started && session_id();
+}
+
+/**
+ * Called when an anonymous user becomes authenticated or vice-versa.
+ */
+function drupal_session_regenerate() {
+ global $user;
+
+ // Set the session cookie "httponly" flag to reduce the risk of session
+ // stealing via XSS.
+ extract(session_get_cookie_params());
+
+ if (version_compare(PHP_VERSION, '5.2.0') === 1) {
+ session_set_cookie_params($lifetime, $path, $domain, $secure, TRUE);
+ }
+ else {
+ session_set_cookie_params($lifetime, $path, $domain, $secure);
+ }
+
+ if (drupal_session_started()) {
+ $old_session_id = session_id();
+ session_regenerate_id();
+ }
+ else {
+ // Start the session when it doesn't exist yet.
+ // Preserve the logged in user, as it will be reset to anonymous
+ // by _sess_read.
+ $account = $user;
+ drupal_session_start();
+ $user = $account;
+ }
+
+ if (isset($old_session_id)) {
+ db_query("UPDATE {sessions} SET sid = '%s' WHERE sid = '%s'", session_id(), $old_session_id);
+ }
+}
+
+/**
+ * Determine whether to save session data of the current request.
+ *
+ * This function allows the caller to temporarily disable writing of
+ * session data, should the request end while performing potentially
+ * dangerous operations, such as manipulating the global $user object.
+ * See http://drupal.org/node/218104 for usage.
+ *
+ * @param $status
+ * Disables writing of session data when FALSE, (re-)enables
+ * writing when TRUE.
+ * @return
+ * FALSE if writing session data has been disabled. Otherwise, TRUE.
+ */
+function drupal_save_session($status = NULL) {
+ static $save_session = TRUE;
+ if (isset($status)) {
+ $save_session = $status;
+ }
+ return $save_session;
+}
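Review bot: In drupal_session_initialize() the identifier reserved for a not-yet-started session is `session_id(md5(uniqid('', TRUE)))`; uniqid() is time-derived (the more_entropy suffix only appends an lcg_value() fraction) and is not a cryptographically secure source, yet the adjacent comment says drupal_get_token() depends on that future ID and drupal_session_commit() later promotes it to the real session cookie. The value should come from a CSPRNG-backed source such as `openssl_random_pseudo_bytes()` where that extension is available, keeping the current expression only as a fallback. A smaller point: the httponly cookie flag is applied only inside drupal_session_regenerate(), while sessions started through drupal_session_commit() → drupal_session_start() call session_start() with whatever session.cookie_httponly php.ini provides, so moving the session_set_cookie_params() block into drupal_session_start() ahead of session_start() would give every Drupal-started session the same protection. The `extract(session_get_cookie_params())` call in drupal_session_regenerate() hides which locals the following calls rely on; reading the four keys into named variables explicitly would make that visible.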