diff --git a/www/admin/class_test.debug.php b/www/admin/class_test.debug.php
index 9ecbd919..340c2383 100644
--- a/www/admin/class_test.debug.php
+++ b/www/admin/class_test.debug.php
@@ -24,9 +24,7 @@ define('USE_DATABASE', false);
 // sample config
 require 'config.php';
 // set session name
-if (!defined('SET_SESSION_NAME')) {
-	define('SET_SESSION_NAME', EDIT_SESSION_NAME);
-}
+$GLOBALS['SET_SESSION_NAME'] = EDIT_SESSION_NAME;
 // define log file id
 $LOG_FILE_ID = 'classTest-debug';
 ob_end_flush();
@@ -37,7 +35,13 @@ use CoreLibs\Debug\Support as DebugSupport;
 use CoreLibs\Debug\FileWriter;
 
 $basic = new CoreLibs\Basic();
-$debug = new CoreLibs\Debug\Logging();
+$debug = new CoreLibs\Debug\Logging([
+	'log_folder' => BASE . LOG,
+	'file_id' => $LOG_FILE_ID,
+	'debug_all' => $DEBUG_ALL,
+	'print_all' => $PRINT_ALL,
+	'echo_all' => $ECHO_ALL,
+]);
 $debug_support_class = 'CoreLibs\Debug\Support';
 $debug_logging_class = 'CoreLibs\Debug\Logging';
 
diff --git a/www/lib/CoreLibs/ACL/Login.php b/www/lib/CoreLibs/ACL/Login.php
index 8e5fe10a..484758b5 100644
--- a/www/lib/CoreLibs/ACL/Login.php
+++ b/www/lib/CoreLibs/ACL/Login.php
@@ -69,6 +69,7 @@ declare(strict_types=1);
 namespace CoreLibs\ACL;
 
 use CoreLibs\Check\Password;
+use CoreLibs\Create\Session;
 
 class Login extends \CoreLibs\DB\IO
 {
@@ -184,12 +185,13 @@ class Login extends \CoreLibs\DB\IO
 		}
 
 		// initial the session if there is no session running already
-		// TODO: move that to outside
-		\CoreLibs\Create\Session::startSession();
-		// check if session exists
-		if (!session_id()) {
-			echo '<b>Session not started!</b><br>Use \'session_start();\'.<br>';
-			echo 'For less problems with other session, you can set a session name with \'session_name("name");\'.<br>';
+		// check if session exists and could be created
+		// TODO: move session creation and check to outside?
+		if (Session::startSession() === false) {
+			echo '<b>Session not started or could not be started!</b><br>'
+				. 'Use \'\CoreLibs\Create\Session::startSession();\'.<br>'
+				. 'For less problems with other session, you can set a '
+				. 'session name with \'\CoreLibs\Create\Session::startSession(\'name\');\'.<br>';
 			exit;
 		}
 
@@ -209,7 +211,7 @@ class Login extends \CoreLibs\DB\IO
 		$this->login_is_ajax_page = isset($GLOBALS['AJAX_PAGE']) && $GLOBALS['AJAX_PAGE'] ? true : false;
 		// set the default lang
 		$lang = 'en_utf8';
-		if (session_id() !== false && !empty($_SESSION['DEFAULT_LANG'])) {
+		if (Session::getSessionId() !== false && !empty($_SESSION['DEFAULT_LANG'])) {
 			$lang = $_SESSION['DEFAULT_LANG'];
 		} else {
 			$lang = defined('SITE_LANG') ? SITE_LANG : DEFAULT_LANG;
@@ -408,11 +410,12 @@ class Login extends \CoreLibs\DB\IO
 				$this->login_error = 102;
 			} else {
 				// we have to get the themes in here too
-				$q = "SELECT eu.edit_user_id, username, password, eu.edit_group_id, "
+				$q = "SELECT eu.edit_user_id, eu.username, eu.password, "
+					. "eu.edit_group_id, "
 					. "eg.name AS edit_group_name, admin, "
 					. "eu.login_error_count, eu.login_error_date_last, "
 					. "eu.login_error_date_first, eu.strict, eu.locked, "
-					. "debug, db_debug, "
+					. "eu.debug, eu.db_debug, "
 					. "eareu.level AS user_level, eareu.type AS user_type, "
 					. "eareg.level AS group_level, eareg.type AS group_type, "
 					. "eu.enabled, el.short_name AS lang_short, el.iso_name AS lang_iso, "
@@ -477,8 +480,9 @@ class Login extends \CoreLibs\DB\IO
 						$this->loginCheckPermissions();
 						if ($this->login_error == 0) {
 							// now set all session vars and read page permissions
-							$GLOBALS['DEBUG_ALL'] = $_SESSION['DEBUG_ALL'] = $res['debug'];
-							$GLOBALS['DB_DEBUG'] = $_SESSION['DB_DEBUG'] = $res['db_debug'];
+							$_SESSION['DEBUG_ALL'] = $this->dbBoolean($res['debug']);
+							$_SESSION['DB_DEBUG'] = $this->dbBoolean($res['db_debug']);
+							// general info for user logged in
 							$_SESSION['USER_NAME'] = $res['username'];
 							$_SESSION['ADMIN'] = $res['admin'];
 							$_SESSION['GROUP_NAME'] = $res['edit_group_name'];
@@ -687,14 +691,6 @@ class Login extends \CoreLibs\DB\IO
 				$this->permission_okay = false;
 				return $this->permission_okay;
 			}
-			// unset mem limit if debug is set to 1
-			// if (
-			// 	($GLOBALS["DEBUG_ALL"] || $GLOBALS["DB_DEBUG"] ||
-			// 	$_SESSION["DEBUG_ALL"] || $_SESSION["DB_DEBUG"]) &&
-			// 	ini_get('memory_limit') != -1
-			// ) {
-			// 	ini_set('memory_limit', '-1');
-			// }
 			if (isset($res['filename']) && $res['filename'] == $this->page_name) {
 				$this->permission_okay = true;
 			} else {
@@ -714,21 +710,39 @@ class Login extends \CoreLibs\DB\IO
 	{
 		if ($this->logout || $this->login_error) {
 			// unregister and destroy session vars
-			unset($_SESSION['EUID']);
-			unset($_SESSION['GROUP_ACL_LEVEL']);
-			unset($_SESSION['USER_ACL_LEVEL']);
-			unset($_SESSION['PAGES']);
-			unset($_SESSION['USER_NAME']);
-			unset($_SESSION['UNIT']);
-			unset($_SESSION['DEBUG_ALL']);
-			unset($_SESSION['DB_DEBUG']);
-			unset($GLOBALS['DEBUG_ALL']);
-			unset($GLOBALS['DB_DEBUG']);
-			unset($_SESSION['LANG']);
-			unset($_SESSION['DEFAULT_CHARSET']);
-			unset($_SESSION['DEFAULT_LANG']);
-			unset($_SESSION['GROUP_NAME']);
-			unset($_SESSION['HEADER_COLOR']);
+			foreach (
+				// TODO move this into some global array for easier update
+				[
+					'ADMIN',
+					'BASE_ACL_LEVEL',
+					'DB_DEBUG',
+					'DEBUG_ALL',
+					'DEFAULT_ACL_LIST',
+					'DEFAULT_CHARSET',
+					'DEFAULT_LANG',
+					'EAID',
+					'EUID',
+					'GROUP_ACL_LEVEL',
+					'GROUP_ACL_TYPE',
+					'GROUP_NAME',
+					'HEADER_COLOR',
+					'LANG',
+					'PAGES_ACL_LEVEL',
+					'PAGES',
+					'TEMPLATE',
+					'UNIT_ACL_LEVEL',
+					'UNIT_DEFAULT',
+					'UNIT',
+					'USER_ACL_LEVEL',
+					'USER_ACL_TYPE',
+					'USER_NAME',
+				] as $session_var
+			) {
+				unset($_SESSION[$session_var]);
+			}
+			// final unset all
+			session_unset();
+			// final destroy session
 			session_destroy();
 			// then prints the login screen again
 			$this->permission_okay = false;
@@ -1384,7 +1398,7 @@ EOM;
 				$q .= "NULL, ";
 			}
 		}
-		$q .= "'" . session_id() . "', ";
+		$q .= "'" . Session::getSessionId() . "', ";
 		$q .= "'" . $this->dbEscapeString($this->action) . "', ";
 		$q .= "'" . $this->dbEscapeString($this->username) . "', ";
 		$q .= "NULL, ";
diff --git a/www/lib/CoreLibs/Admin/Backend.php b/www/lib/CoreLibs/Admin/Backend.php
index ad0649c8..0a176f4a 100644
--- a/www/lib/CoreLibs/Admin/Backend.php
+++ b/www/lib/CoreLibs/Admin/Backend.php
@@ -252,7 +252,10 @@ class Backend extends \CoreLibs\DB\IO
 			. "'" . $this->dbEscapeString($_SERVER['HTTP_ACCEPT'] ?? '') . "', "
 			. "'" . $this->dbEscapeString($_SERVER['HTTP_ACCEPT_CHARSET'] ?? '') . "', "
 			. "'" . $this->dbEscapeString($_SERVER['HTTP_ACCEPT_ENCODING'] ?? '') . "', "
-			. "'" . session_id() . "', "
+			. (\CoreLibs\Create\Session::getSessionId() === false ?
+				"NULL" :
+				"'" . \CoreLibs\Create\Session::getSessionId() . "'")
+			. ", "
 			. "'" . $this->dbEscapeString($this->action) . "', "
 			. "'" . $this->dbEscapeString($this->action_id) . "', "
 			. "'" . $this->dbEscapeString($this->action_yes) . "', "
diff --git a/www/lib/CoreLibs/Create/Session.php b/www/lib/CoreLibs/Create/Session.php
index 2318b4a9..5cebe210 100644
--- a/www/lib/CoreLibs/Create/Session.php
+++ b/www/lib/CoreLibs/Create/Session.php
@@ -1,10 +1,15 @@
 <?php
 
 /*
+ * AUTHOR: Clemens Schwaighofer
+ * DESCRIPTION:
  * start a php sesseion
  * name can be given via startSession parameter
  * if not set tries to read $SET_SESSION_NAME from global
  * if this is not set tries to read SET_SESSION_NAME constant
+ *
+ * TODO: add _SESSION write unset
+ * TODO: add session close down with all _SESSION vars unset
  */
 
 declare(strict_types=1);
@@ -28,10 +33,22 @@ class Session
 	 */
 	public static function startSession(?string $session_name = null)
 	{
+		// we can't start sessions on command line
+		if (php_sapi_name() === 'cli') {
+			return false;
+		}
+		// if session are OFF
+		if (self::getSessionStatus() === PHP_SESSION_DISABLED) {
+			return false;
+		}
+		// session_status
 		// initial the session if there is no session running already
-		if (!session_id()) {
+		if (!self::checkActiveSession()) {
+			// if session name is emtpy, check if there is a global set
+			// this is a deprecated fallback
 			$session_name = $session_name ?? $GLOBALS['SET_SESSION_NAME'] ?? '';
 			// check if we have an external session name given, else skip this step
+			// this is a deprecated fallback
 			if (
 				empty($session_name) &&
 				defined('SET_SESSION_NAME') &&
@@ -47,11 +64,15 @@ class Session
 			// start session
 			session_start();
 		}
+		// if we still have no active session
+		if (!self::checkActiveSession()) {
+			return false;
+		}
 		return self::getSessionId();
 	}
 
 	/**
-	 * Undocumented function
+	 * get current set session id or false if none started
 	 *
 	 * @return string|bool
 	 */
@@ -61,7 +82,7 @@ class Session
 	}
 
 	/**
-	 * Undocumented function
+	 * get set session name or false if none started
 	 *
 	 * @return string|bool
 	 */
@@ -69,6 +90,36 @@ class Session
 	{
 		return session_name();
 	}
+
+	/**
+	 * Checks if there is an active session.
+	 * Does not check if we can have a session
+	 *
+	 * @return boolean True if there is an active session, else false
+	 */
+	public static function checkActiveSession(): bool
+	{
+		if (self::getSessionStatus() === PHP_SESSION_ACTIVE) {
+			return true;
+		} else {
+			return false;
+		}
+	}
+
+	/**
+	 * get session status
+	 * PHP_SESSION_DISABLED if sessions are disabled.
+	 * PHP_SESSION_NONE if sessions are enabled, but none exists.
+	 * PHP_SESSION_ACTIVE if sessions are enabled, and one exists.
+	 *
+	 * https://www.php.net/manual/en/function.session-status.php
+	 *
+	 * @return int
+	 */
+	public static function getSessionStatus(): int
+	{
+		return session_status();
+	}
 }
 
 // __END__
diff --git a/www/lib/CoreLibs/DB/IO.php b/www/lib/CoreLibs/DB/IO.php
index 59d47849..a88dcb10 100644
--- a/www/lib/CoreLibs/DB/IO.php
+++ b/www/lib/CoreLibs/DB/IO.php
@@ -390,7 +390,14 @@ class IO
 		$this->db_type = $db_config['db_type'] ?? '';
 		$this->db_ssl = !empty($db_config['db_ssl']) ? $db_config['db_ssl'] : 'allow';
 		// set debug, either via global var, or from config, else set to false
-		$this->dbSetDebug($GLOBALS['DB_DEBUG'] ?? $db_config['db_debug'] ?? false);
+		$this->dbSetDebug(
+			$db_config['db_debug'] ??
+			// should be handled from outside
+			$_SESSION['DB_DEBUG'] ??
+			// globals should be deprecated
+			$GLOBALS['DB_DEBUG'] ??
+			false
+		);
 
 		// set the target encoding to the DEFAULT_ENCODING if it is one of them: EUC, Shift_JIS, UTF-8
 		// @ the moment set only from outside
@@ -2040,10 +2047,13 @@ class IO
 	}
 
 	/**
-	 * if the input is a single char 't' or 'f' it will return the boolean value instead
-	 * @param  string|bool  $string 't' / 'f' or any string, or bool true/false
-	 * @param  boolean      $rev    do reverse (bool to string)
-	 * @return bool|string          correct php boolean true/false or postgresql 't'/'f'
+	 * if the input is a single char 't' or 'f
+	 * it will return the boolean value instead
+	 * also converts smallint 1/0 to true false
+	 * @param  string|bool|int $string 't' / 'f' or any string, or bool true/false
+	 * @param  boolean         $rev    do reverse (bool to string)
+	 * @return bool|string             correct php boolean true/false
+	 *                                 or postgresql 't'/'f'
 	 */
 	public function dbBoolean($string, $rev = false)
 	{
diff --git a/www/lib/CoreLibs/Debug/Logging.php b/www/lib/CoreLibs/Debug/Logging.php
index e4be8498..786ba37d 100644
--- a/www/lib/CoreLibs/Debug/Logging.php
+++ b/www/lib/CoreLibs/Debug/Logging.php
@@ -177,9 +177,19 @@ class Logging
 		} elseif (!empty($GLOBALS['LOG_FILE_ID'])) {
 			// legacy flow, should be removed and only set via options
 			$this->setLogId($GLOBALS['LOG_FILE_ID']);
+			// TODO trigger deprecation error
+			// trigger_error(
+			// 	'Debug\Logging: Do not use globals LOG_FILE_ID to set log id for Logging',
+			// 	E_USER_DEPRECATED
+			// );
 		} elseif (defined('LOG_FILE_ID')) {
 			// legacy flow, should be removed and only set via options
 			$this->setLogId(LOG_FILE_ID);
+			// trigger deprecation error
+			// trigger_error(
+			// 	'Debug\Logging: Do not use constant LOG_FILE_ID to set log id for Logging',
+			// 	E_USER_DEPRECATED
+			// );
 		}
 
 		// init the log levels
@@ -214,37 +224,45 @@ class Logging
 					isset($GLOBALS[$up_type]) &&
 					is_array($GLOBALS[$up_type])
 				) {
+					// TODO trigger deprecation error
 					$this->setLogLevel($type, $flag, $GLOBALS[$up_type]);
 				}
 			}
 		}
 
+		// TODO remove all $GLOBALS call and only use options
 		// all overrule
 		$this->setLogLevelAll(
 			'debug',
 			$this->options['debug_all'] ??
+				// for user login, should be handled outside like globals
+				$_SESSION['DEBUG_ALL'] ??
 				$GLOBALS['DEBUG_ALL'] ??
 				false
 		);
+		$this->setLogLevelAll(
+			'print',
+			$this->options['print_all'] ??
+				// for user login, should be handled outside like globals
+				$_SESSION['DEBUG_ALL'] ??
+				$GLOBALS['PRINT_ALL'] ??
+				false
+		);
 		$this->setLogLevelAll(
 			'echo',
 			$this->options['echo_all'] ??
 				$GLOBALS['ECHO_ALL'] ??
 				false
 		);
-		$this->setLogLevelAll(
-			'print',
-			$this->options['print_all'] ??
-				$GLOBALS['PRINT_ALL'] ??
-				false
-		);
 
 		// GLOBAL rules for log writing
+		// add file date is default on
 		$this->setGetLogPrintFileDate(
 			$this->options['print_file_date'] ??
 				$GLOBALS['LOG_PRINT_FILE_DATE'] ??
 				true
 		);
+		// all other logging file name flags are off
 		$this->setLogPer(
 			'level',
 			$this->options['per_level'] ??