The $session API variable

This API variable provides access to read/write of session variables, login and logout of users, redirects, and more.

The $session API variable is provided to every template automatically. The session is started automatically and ready-to-use from your templates. It is not used with scripts accessing the API externally since ProcessWire is not in control of the session in that instance.

Setting and retrieving a session variable

It is very easy to use $session for maintaining persistent storage throughout the user's session. ProcessWire automatically starts session management on every request, so there is nothing you need to do to enable it... it's already running. Thus, to set a session variable, you would just do this:

$session->hello = "Hello World!";

Then you will be able to retrieve that value for any other page requests from the same user during this session:

echo $session->hello;  // displays: Hello World!

Unless you have changed something about PHP's session handling functions, the values are stored at the server side. The values retrieved from $session can be considered as safe as the values you set to it… they are not open to remote manipulation like cookie values.

Note: if you prefer, you can use get() and set() methods with $session instead of direct access.

$session function reference

See the full $session API reference in the comprehensive ProcessWire API reference.

Iterating $session

When you iterate $session, it cycles through all of your set session variables:

foreach($session as $name => $value) {
  echo "<p>$name =  $value</p>";
}

$session data storage

Session variables are currently stored with PHP's session functions with files in /site/assets/sessions/. This directory is protected from HTTP access by ProcessWire's .htaccess file. You can also install the SessionHandlerDB module (included with the core) which makes ProcessWire use database-driven sessions instead.

$session vs $_SESSION

You may also use PHP's $_SESSION superglobal variable in ProcessWire, but note that $session uses a different namespace within $_SESSION, so the two can't be used interchangeably for the same variables... it's best to stick to using one or the other, and we recommend using $session.

Newest forum posts

Latest news

  • ProcessWire Weekly #518
    The 518th issue of ProcessWire Weekly brings in all the latest news from the ProcessWire community. Modules, sites, and more. Read on!
    Weekly.pw / 13 April 2024
  • ProFields Table Field with Actions support
    This week we have some updates for the ProFields table field (FieldtypeTable). These updates are primarily focused on adding new tools for the editor to facilitate input and management of content in a table field.
    Blog / 12 April 2024
  • Subscribe to weekly ProcessWire news

“We chose ProcessWire because of its excellent architecture, modular extensibility and the internal API. The CMS offers the necessary flexibility and performance for such a complex website like superbude.de. ProcessWire offers options that are only available for larger systems, such as Drupal, and allows a much slimmer development process.” —xport communication GmbH