This API variable provides access to read and write session variables, login and logout users, and redirect to another page.

The $session API variable is provided to every template automatically. The session is started automatically and ready-to-use from your templates.  It is not used with scripts accessing the API externally since ProcessWire is not in control of the session in that instance.

Setting and retrieving a session variable

It is very easy to use $session for maintaining persistent storage throughout the user's session. ProcessWire automatically starts session management on every request, so there is nothing you need to do to enable it... it's already running. Thus, to set a session variable, you would just do this:

$session->hello = "Hello World!"; 

Then you will be able to retrieve that value for any other page requests from the same user during this session:

echo $session->hello;  // displays: Hello World!

Unless you have changed something about PHP's session handling functions, the values are stored at the server side. The values retrieved from $session can be considered as safe as the values you set to it… they are not open to remote manipulation like cookie values.

$session function reference

$session->set($name, $value)Set the session variable $name to have the value $value
$session->get($name)Get the session variable identified by the string $name
$session->$name = $valueAlternate syntax for $session->set($name, $value)
$value = $session->$nameAlternate syntax for $session->get($name)
$session->getAll()Return all set session variables in an array
$session->remove($name)Remove/unset the session variable identified by the string $name
$session->login($name, $pass)Login the user identified by $name and authenticated by $pass.
Returns the user object on successful login or null on failure.
$session->logout()Logout the current user session
$session->redirect($url)Send an HTTP 301 (permanent) redirect to the specified URL
$session->redirect($url, false)Send an HTTP 302 (temporary) redirect to the specified URL

Iterating $session

When you iterate $session, it cycles through all of your set session variables:

foreach($session as $name => $value) 
    echo "<p>$name =  $value</p>";

$session data storage

Session variables are currently stored with PHP's session functions with files in /site/assets/sessions/. This directory is protected from HTTP access by ProcessWire's .htaccess file.

$session vs $_SESSION

You may also use PHP's $_SESSION superglobal variable in ProcessWire, but note that $session uses a different namespace within $_SESSION, so the two can't be used interchangeably for the same variables... it's best to stick to using one or the other, and we recommend using $session.

Comments

  • Sebastian Stüber

    Sebastian Stüber 2 years ago 11

    Hi,
    Is there a way to completely turn of sessions (on the front-end)?
    My templates are not using the $session veriable, and I would like to avoid setting a cookie on the normal user.

    Thank You

  • gmclelland

    gmclelland 1 year ago 00

    @SEBASTIAN STÜBER see the following

    http://processwire.com/blog/posts/multi-instance-pw3/#more-session-control

    Hope that helps

Post a Comment

Your e-mail is kept confidential and not included with your comment. Website is optional.