Skip to content
Switch branches/tags
Go to file
Cannot retrieve contributors at this time


Sessions allow persisting data between requests without passing them to the client and back. Yii has a session package to work with session data.

In order to add it to your application, use composer:

composer require yiisoft/session --prefer-dist

Configuring middleware

In order to maintain a session between requests you need to add SessionMiddleware to your route group or application middlewares. Route group should be preferred when you have both API with token-based authentication and regular web routes in the same application. Having it this way avoids starting the session for API endpoints.

In order to add a session for a certain group of routes, edit config/routes.php like the following:



use Yiisoft\Router\Group;
use Yiisoft\Session\SessionMiddleware;

return [
            // ...

To add a session to the whole application, edit config/application.php like the following:

return [
    Yiisoft\Yii\Web\Application::class => [
        '__construct()' => [
            'dispatcher' => DynamicReference::to(static function (Injector $injector) {
                return ($injector->make(MiddlewareDispatcher::class))
                            SessionMiddleware::class, // <-- add this

Opening and closing session

public function actionProfile(\Yiisoft\Session\SessionInterface $session)
    // start session if it's not yet started

    // work with session

    // write session values and then close it

Note: Closing session as early as possible is a good practice since many session implementations are blocking other requests while session is open.

There are two more ways to close session:

public function actionProfile(\Yiisoft\Session\SessionInterface $session)
    // discard changes and close session

    // destroy session completely

Working with session data

Usually you will use the following methods to work with session data:

public function actionProfile(\Yiisoft\Session\SessionInterface $session)
    // get a value
    $lastAccessTime = $session->get('lastAccessTime');

    // get all values
    $sessionData = $session->all();
    // set a value
    $session->set('lastAccessTime', time());

    // check if value exists
    if ($session->has('lastAccessTime')) {
        // ...    
    // remove value

    // get value and then remove it
    $sessionData = $session->pull('lastAccessTime');

    // clear session data from runtime

Flash messages

In case you need some data to remain in session until read, such as in case with displaying a message on the next page flash messages is what you need. A flash message is a special type of data, that is available only in the current request and the next request. After that, it will be deleted automatically.

FlashInteface usage is the following:

/** @var Yiisoft\Session\Flash\FlashInterface $flash */

// request 1
$flash->set('warning', 'Oh no, not again.');

// request 2
$warning = $flash->get('warning');
if ($warning !== null) {
    // do something with it

Custom session storage

When using Yiisoft\Session\Session as session component, you can provide your own storage implementation:

$handler = new MySessionHandler();
$session = new \Yiisoft\Session\Session([], $handler);

Custom storage must implement \SessionHandlerInterface.