[eluser]erik.brannstrom[/eluser]
I copied all your code to test it out myself, and realized that I never asked you if you got any error messages.. As I ran it all these errors about session headers already sent appeared which made me realize another good practice, namely NOT having "?>" at the end of your PHP files.
The problem is you have a trailing space after telling the interpreter that the PHP code has now ended, so it renders that space as output. Once this is done, the headers are sent to the browser and you can no longer modify these headers (which include sessions).
In other words, once I removed all the ?> from your controllers it worked just fine.