diff --git a/TODO b/TODO
new file mode 100644
index 000000000..909e8370b
--- /dev/null
+++ b/TODO
@@ -0,0 +1,9 @@
+TODO
+* Deprecate WebGUI::Session::HTTP - replace with WebGUI::Request/Response
+* Turn logger into $self->request->env->{'psgi.errors'}->print(join '', @stuff);
+
+DONE
+* $session->request is now a Plack::Request object
+* serverObject gone from WebGUI::Session::open()
+* WebGUI::authen API changed
+* urlHandler API changed - no longer gets server, config
\ No newline at end of file
diff --git a/lib/WebGUI.pm b/lib/WebGUI.pm
index 96e5dd230..f8b6eef09 100644
--- a/lib/WebGUI.pm
+++ b/lib/WebGUI.pm
@@ -162,8 +162,8 @@ sub dispatch {
             }
         }
     }
+    
     $session->close;
-
     return $session->response->finalize;
 }
 
diff --git a/lib/WebGUI/Session.pm b/lib/WebGUI/Session.pm
index 1b8d8733f..43dc23601 100644
--- a/lib/WebGUI/Session.pm
+++ b/lib/WebGUI/Session.pm
@@ -460,7 +460,7 @@ sub open {
 	bless $self , $class;
 	$self->{_request} = $request if defined $request;
 	$self->{_response} = $request->new_response( 200 ) if defined $request;
-	my $sessionId = shift || $self->http->getCookies->{$config->getCookieName} || $self->id->generate;
+	my $sessionId = shift || $request->cookies->{$config->getCookieName} || $self->id->generate;
 	$sessionId = $self->id->generate unless $self->id->valid($sessionId);
 	my $noFuss = shift;
 	$self->{_var} = WebGUI::Session::Var->new($self,$sessionId, $noFuss);
diff --git a/lib/WebGUI/Session/Http.pm b/lib/WebGUI/Session/Http.pm
index 2863460f6..313486fc8 100644
--- a/lib/WebGUI/Session/Http.pm
+++ b/lib/WebGUI/Session/Http.pm
@@ -18,6 +18,12 @@ package WebGUI::Session::Http;
 use strict;
 use WebGUI::Utility;
 
+sub _deprecated {
+    my $alt = shift;
+    my $method = (caller(1))[3];
+    Carp::carp("$method is deprecated. Use 'WebGUI::$alt' instead.");
+}
+
 =head1 NAME
 
 Package WebGUI::Session::Http
@@ -91,7 +97,8 @@ Retrieves the cookies from the HTTP header and returns a hash reference containi
 
 sub getCookies {
 	my $self = shift;
-	return $self->session->request ? $self->session->request->cookies : {};
+	_deprecated('Request::cookies');
+	return $self->session->request->cookies;
 }
 
 
@@ -264,7 +271,7 @@ sub sendHeader {
 	
 	# send webgui session cookie
 	my $cookieName = $config->getCookieName;
-	$self->setCookie($cookieName,$var->getId, $config->getCookieTTL, $config->get("cookieDomain")) unless $var->getId eq $self->getCookies->{$cookieName};
+	$self->setCookie($cookieName,$var->getId, $config->getCookieTTL, $config->get("cookieDomain")) unless $var->getId eq $request->cookies->{$cookieName};
 
 	$self->setNoHeader(1);
 	my %params;