The $session API variable lets you read and write session variables, log users in and out, perform redirects, and more.
The $session API variable is provided to every template automatically. The session is started automatically and is ready to use from your templates. It is not used with scripts that access the API externally, since ProcessWire is not in control of the session in that case.
Setting and retrieving a session variable
$session makes it easy to keep persistent storage throughout the user's session. ProcessWire automatically starts session management on every request, so there is nothing you need to do to enable it; it's already running. To set a session variable, you would just do this:
$session->hello = "Hello World!";
You can then retrieve that value on any other page request from the same user during this session:
echo $session->hello; // displays: Hello World!
Unless you have changed something about PHP's session handling functions, the values are stored on the server side. Values retrieved from $session can be considered as safe as the values you stored in it: they are not open to remote manipulation the way cookie values are.
Note: if you prefer, you can use get() and set() methods with $session instead of direct access.
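The following template sketch is an added example, not code from the ProcessWire documentation. It shows a server-side decision kept in $session with set(), get() and remove(), beside the cookie-based variant that the client could rewrite. The two-step flow, the coupon table and the 'discount' variable name are hypothetical.

```php
<?php namespace ProcessWire;
// Added example: template file for a hypothetical two-step checkout.
// The coupon table below is constructed sample data.
$coupons = ['SPRING10' => 10, 'VIP25' => 25];

if($input->post('coupon') !== null) {
    // Step 1: the server decides the discount for the submitted code.
    $code = strtoupper($sanitizer->text($input->post('coupon')));
    $percent = $coupons[$code] ?? 0;

    // Weak variant: a cookie value travels through the browser, so the
    // client can change it before step 2 reads it back.
    // setcookie('discount', (string) $percent);

    // Session variant: only the session ID goes to the browser; the value
    // itself stays in server-side session storage.
    $session->set('discount', $percent);

    // Pass false so the redirect is temporary (302) rather than the default 301.
    $session->redirect($page->url . '?step=2', false);
}

if($input->get('step') === '2') {
    // Step 2: read the decision from the session, never from $_COOKIE,
    // $_GET or a hidden form field. An unset variable returns null, so
    // the cast yields 0 when step 1 was skipped.
    $percent = (int) $session->get('discount');

    // $_SESSION['discount'] is a different variable: $session keeps its
    // data in its own namespace inside $_SESSION.

    echo "<p>Discount applied: {$percent}%</p>";

    // Remove the value once it has been used so it cannot be replayed
    // on a later order in the same session.
    $session->remove('discount');
}
```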
$session function reference
See the full $session API reference in the comprehensive ProcessWire API reference.
Iterating $session
When you iterate $session, it cycles through all of your set session variables:
foreach($session as $name => $value) { echo "<p>" . $sanitizer->entities("$name = $value") . "</p>"; } // entity-encode names and values before output
$session data storage
Session variables are currently stored using PHP's session functions, as files in /site/assets/sessions/. This directory is protected from HTTP access by ProcessWire's .htaccess file. You can also install the SessionHandlerDB module (included with the core), which makes ProcessWire use database-driven sessions instead.
$session vs $_SESSION
You may also use PHP's $_SESSION superglobal variable in ProcessWire, but note that $session uses a different namespace within $_SESSION, so the two can't be used interchangeably for the same variables. It's best to stick to one or the other, and we recommend using $session.