The $session API variable

This API variable provides access to read/write of session variables, login and logout of users, redirects, and more.

The $session API variable is provided to every template automatically. The session is started automatically and ready-to-use from your templates. It is not used with scripts accessing the API externally since ProcessWire is not in control of the session in that instance.

Setting and retrieving a session variable

It is very easy to use $session for maintaining persistent storage throughout the user's session. ProcessWire automatically starts session management on every request, so there is nothing you need to do to enable it... it's already running. Thus, to set a session variable, you would just do this:

$session->hello = "Hello World!"; 

Then you will be able to retrieve that value for any other page requests from the same user during this session:

echo $session->hello;  // displays: Hello World!

Unless you have changed something about PHP's session handling functions, the values are stored at the server side. The values retrieved from $session can be considered as safe as the values you set to it… they are not open to remote manipulation like cookie values.

Note: if you prefer, you can use get() and set() methods with $session instead of direct access.

$session function reference

See the full $session API reference in the comprehensive ProcessWire API reference.

Iterating $session

When you iterate $session, it cycles through all of your set session variables:

foreach($session as $name => $value) {
  echo "<p>$name =  $value</p>";
}

$session data storage

Session variables are currently stored with PHP's session functions with files in /site/assets/sessions/. This directory is protected from HTTP access by ProcessWire's .htaccess file. You can also install the SessionHandlerDB module (included with the core) which makes ProcessWire use database-driven sessions instead.

$session vs $_SESSION

You may also use PHP's $_SESSION superglobal variable in ProcessWire, but note that $session uses a different namespace within $_SESSION, so the two can't be used interchangeably for the same variables... it's best to stick to using one or the other, and we recommend using $session.

Latest news

  • ProcessWire Weekly #559
    The 559th issue of ProcessWire Weekly brings in all the latest news from the ProcessWire community. Modules, sites, and more. Read on!
    Weekly.pw / 25 January 2025
  • ProcessWire 3.0.244 new main/master version
    ProcessWire 3.0.244 is our newest main/master/stable version. It's been more than a year in the making and is packed with tons of new features, issue fixes, optimizations and more. This post covers all the details.
    Blog / 18 January 2025
  • Subscribe to weekly ProcessWire news

“We were really happy to build our new portfolio website on ProcessWire! We wanted something that gave us plenty of control on the back-end, without any bloat on the front end - just a nice, easy to access API for all our content that left us free to design and build however we liked.” —Castus, web design agency in Sheffield, UK