Name the session with the certificate ($cert), and start the php session.
Check if the session object is present. If not present, exit with error code "CER" => Certificate error, either the $cert was wrong, or the session environment cannot be retrieved.
If the session is started successfully, declare all session variables as global (this exports all variables from the session array as global varaibles).
Verify if the remote client ip address has not suspiciously changed. If the IP is not same as in the session variable IP property, then exit with error code "TIP".
Connect the system database using the appropriate db object.
Evaluate every library object document defined in the library list property of the session object.
Declare all the variable from GET,POST and FILE php arrays, defined as expected in the source code execution ($act) by the developer through $nsdgetvars and $ndpostvars arrays, as global variables.
Unserialize registered objects from the session object list property (cf keepobject method of the session object). This provide an effective way to set the Class definitions inside versionned documents, avoiding .INC flat versioning.
Track everything in the audit trail, and check if session is not timed out.