Pickaxe 246 is not only weak, but appears to be just wrong by saying:

if session['lastaccess']

which doesn't check that lastaccess is infact a hash key to begin with. 
  However, when I try a .has_key?, I get a failure with that (the above 
fails as I expect also).  So what gives?  Is this just broken, or am I 
not seeing an undocumented step that should be obvious to any 
clairvoyent that dares use this?

I also don't get enough from the core/classes/CGI/Session.html, which 
does't give good example of use of session, but rather only of starting 
a session...all evidence that perhaps this tool never actually ever got 
used...???

xc