sub check_sid {
  my $login = shift;
  my $usr_id = shift;
  my $sid = param('SID');
  #load old sid by GET-param()
  my $dbh = dbi_connection();
  $CGI::Session::MySQL::TABLE_NAME = 'sessions';
  my $session = CGI::Session->load("driver:mysql", $sid, {Handle=>$dbh}) 
  or die CGI::Session->errstr;
  if ($session->is_expired) {
    print 'Deine SessionID ("', $sid ,'") ist abgelaufen, bitte <a href="sprechstunde.cgi">logge dich neu ein</a>!';
    del_session($sid);
    exit 0;
  }
  #only while login we can have a empty sid
  if ($session->is_empty) {
    if ($login) {
      del_session(undef, $usr_id);
      $session = $session->new();
      $session->expire('+10s');
      create_session($session->id, $usr_id);
    } else {
      my $tmpl = HTML::Template::Compiled->new(filename => '../templates/sp_login.htc');
      print $tmpl->param(PROB =>"Session-ID Problem!<br />\n");
      print $tmpl->output(), "\n";   
      exit 0; 
    }
  }
  return $session->id;
}#sub check_sid()

sub del_session {
  my ($sid, $usr_id) = @_;
  my $dbh = dbi_connection();
  my $statement;
  if ($sid) {
    $statement = "DELETE FROM sessions WHERE id=?";
  } elsif ($usr_id) {
    $statement = "DELETE FROM sessions WHERE user_id=?";
  }
  my $sth = $dbh->prepare($statement);
  $sth->execute($sid?$sid:$usr_id) or die $DBI::errstr;
  $dbh->disconnect() or die $DBI::errstr;
}#sub del_session()

sub create_session {
  my ($sid, $usr_id) = @_;
  my $dbh = dbi_connection();
  my $sth = $dbh->prepare("UPDATE sessions SET user_id=? WHERE id=?");
  $sth->execute($usr_id, $sid) or die $DBI::errstr;
  $dbh->disconnect() or die $DBI::errstr;
}