Using Sessions in Zend Framework 2

Published on December 1, 2012 by

As of this writing, there is no official documentation regarding how to use sessions in Zend Framework 2. This article is in no way aiming to be a substitution, but merely a quick introduction on how to get started with sessions in Zend Framework 2.

Let us say, for instance, that you want to keep the username of a user in a session when they log in so that you can access it whenever you need it. This is very simple to accomplish.

namespace MyApplication\Controller;

use Zend\Mvc\Controller\AbstractActionController;
use Zend\Session\Container; // We need this when using sessions

class UserController extends AbstractActionController {
	public function loginAction() {
		// Store username in session
		$user_session = new Container('user');
		$user_session->username = 'Andy0708';

		return $this->redirect()->toRoute('welcome');

	public function welcomeAction() {
		// Retrieve username from session
		$user_session = new Container('user');
		$username = $user_session->username; // $username now contains 'Andy0708'

It could barely be any easier, right? Let us take a look at what is actually happening. First we instantiate the Zend\Session\Container class and pass a string (a name). This name is optional; if one is not specified, “Default” will be used as per the class’ constructor. You can think of this name as a namespace; in this way, it is possible to use identical session keys in different containers (or “namespaces”). For example, you may have an “id” key on both “product” and “user”. In this case, you could create two containers – “product” and “user” respectively – and then have “id” keys in both. In this way, the keys do not interfere with each another.

The Zend\Session\Container class extends PHP’s ArrayObject and uses the ArrayObject::ARRAY_AS_PROPS “option”. What this means is that key values can be read and set as properties like in the example above. What actually happens is that the Container class’ offsetGet and offsetSet methods are called. These methods are defined in the ArrayAccess interface, which is implemented by the ArrayObject class. They are then overridden by the Container class. Apologies if that is confusing; in reality, you do not have to know this to make use of sessions; but if you were interested, then that is what happens internally.

Something else interesting happens; the $_SESSION superglobal array is replaced with an instance of Zend\Session\Storage\SessionStorage. Let us take a look at how the $_SESSION variable looks like.

Zend\Session\Storage\SessionStorage Object
    [isImmutable:protected] => 
    [storage:ArrayObject:private] => Array
            [__ZF] => Array
                    [_REQUEST_ACCESS_TIME] => 1354373227.1111

            [user] => ArrayObject Object
                    [storage:ArrayObject:private] => Array
                            [username] => Andy0708




The SessionStorage class also extends the ArrayObject class (actually, it extends ArrayStorage, which extends ArrayObject), and thus we can use the object as an array. Because of this, the two ways of accessing a session key below are equivalent.

$username = $user_session->username;
$username = $_SESSION['user']['username'];

Hopefully this has helped you learn how to use sessions in Zend Framework 2 and, if you were interested, what happens behind the scenes as well.

Thank you for reading.


Learn Zend Framework today!

Take an online course and become a ZF2 ninja!

Here is what you will learn:

  • Understand the theory of Zend Framework in details
  • How to implement an enterprise-ready architecture
  • Develop professional applications in Zend Framework
  • Proficiently work with databases in Zend Framework
  • ... and much more!
Zend Framework logo
Author avatar
Bo Andersen

About the Author

I am a back-end web developer with a passion for open source technologies. I have been a PHP developer for many years, and also have experience with Java and Spring Framework. I currently work full time as a lead developer. Apart from that, I also spend time on making online courses, so be sure to check those out!

26 comments on »Using Sessions in Zend Framework 2«

  1. Steph

    OK, this is great. Thanks!

  2. Ibrahim

    Question; how do you use the database as an session storage in Zend Framework 2.0 ?

    • Andy

      Hello Ibrahim and thank you for your comment.

      Storing sessions in a database is not the optimal way to go about it in regards to performance. There may be situations where you would want to centralize the session storage in a database, such as when using using multiple web servers. The efficiency is still better with a cache, but using a database definitely simplifies the production environment. It thus depends on the situation and what you wish to accomplish.

      Anyways, I have not actually done this myself, but I took a quick look at the classes within the Zend\Session namespace. Here is what you could try:

      1. Create an instance of the Zend\Session\SessionManager class. This class extends the Zend\Session\AbstractMapper class which has a $saveHandler variable.

      2. Create an instance of Zend\Session\SaveHandler\DbTableGateway passing an instance of Zend\Db\TableGateway\TableGateway and Zend\Session\SaveHandler\DbTableGatewayOptions to its constructor.

      3. On the SessionManager object, set the $saveHandler to the instance created in step 2 via its setSaveHandler() method.

      4. Create an instance of Zend\Session\Container and set its $manager variable to the SessionManager instance via its setManager() method.

      Again, I have not tried this, so it may not work and you may have to do additional configuration. However, taking a quick look at the files, this should at least get you going in the right direction. Perhaps I will write an article about this when I will have the time to try it out.

      I hope it helps.


    • Michael Ben-Nes

      Dont use DB as a session controller. its a performance killer.
      Better go with APC / Memcache / and alike

      • suresh

        thank you

  3. Rashmirathi


    Thanks for the efforts documenting it out.

    A few questions.
    1. How can we make configurations like alive time?
    2. Does the above store the information as Cookie? Can we use above and still be in compliance to EU Cookie Laws?

    Thanks for the help.
    Really Appreciate it.

    • Hello Rashmirathi,

      You are very welcome. I am happy that you found the article useful.

      A few months ago, official documentation for Zend\Session was added, and it contains information that answers your first question. Please have a look at the following page; I believe what you are looking for is the remember_me_seconds or cookie_lifetime entries, depending on exactly what you wish to achieve.

      As for your second question, I have to say that I have not spent time looking into the cookie law, but a quick search brought me to this page. It describes a session cookie as such:

      Session cookies last only for the session. They are erased when the user closes the web browser

      And later it states the following:

      The use of cookies on EUROPA is therefore allowed only with certain restrictions :

      – cookies can only be used without explicit permission if they are limited to the current session

      It appears to me that session cookies (which are used for keeping track of session data) are permitted without asking the user for verification, because they are temporary and are limited to a single browsing session, after which they expire. Anything else would be exaggerated in my opinion, because most websites use sessions. Therefore I think that you will be just fine.

      I hope this helps.

      Best regards,
      Bo Andersen AKA Andy

      • Rashmirathi

        Dear Andy

        Thanks for reply.

        Sorry for not being able to put my 2nd question properly. I am aware of Europe laws, however, I am eager to know whether Zend stores sessions as permanent cookies.

        Here is a little scenario that might help me explain it better,
        When we create a normal session (using PHP), it gets deleted after we close browser (or restart system).
        However, in my test run (with session code you explained), Zend maintained the values even after I’ve restarted (reboot) the system.

        This leads me to believe that Zend maintains it as permanent value, and we might have to provide additional configuration/efforts to make the session expire after one closes the browser.
        Now, I have to admit I am new to Zend, and probably would be doing something wrong. I would really appreciate if you can please test it at your end, and may be provide some help.

        Warm Regards

        • Hello Rashmirathi,

          I have tried to reproduce your problem, but I have not been able to. With the approach that was outlined in this article, my session data gets removed once I close my browser (tested with Safari and Chrome). It would not make much sense for Zend Framework to persist session data permanently, because sessions are used for storing temporary data. The result would be keeping track of many, many sessions over time.

          Perhaps the cause of your problem is related to your development environment. Please try to lookup the following configuration entries in your php.ini file (perhaps call phpinfo() in your code): session.gc_maxlifetime and session.cookie_lifetime. The default values are 1440 and 0, respectively. The former indicates when the session should be considered garbage and be a candidate for garbage collection (even though when the garbage collection actually occurs is non-deterministic). Having the cookie lifetime to 0 means that it will expire once the browser is closed. If the value is set to 100, then the cookie will exist for 100 seconds, even across browser restarts. It is, however, important to note that this does not affect the existence of the session data, but merely the association between your browser instance and the server’s session data. For a more detailed description, please see this page.

          Best regards,
          Bo Andersen

  4. Mehdi

    hi,how use session if cookie was off!

  5. Richard

    I have looking for this for a long time,thank you very much!

    • khunshan

      Same feeling

  6. Raja


  7. Ashu

    I have implemented Zend Auth by creating AuthenticationService Object in Module.php in getServiceConfig() Like

    'AuthService' => function($sm) {
                        $dbAdapter = $sm->get('Zend\Db\Adapter\Adapter');
                        $dbTableAuthAdapter = new DbTableAuthAdapter($dbAdapter, 'tblUSRUsers', 'Email', 'Password', "MD5(?)");
                        $authService = new AuthenticationService();
                        return $authService;

    & then in controller action, i am getting this object by $this->getServiceLocator()->get(‘AuthService’);
    & then authenticating it
    & then getting Values using

    $authservice = $this->getServiceLocator()->get('AuthService');
             $arrUserDetails     =   $authservice->getIdentity();

    Its working fine, these values are available.

    But the problem is ServiceLocator is not available in Controller constructor so can’t write the above code there & writing this code in each & every action don’t seem to be a good practice.
    Could anyone please help out with this?

  8. Billy Scholtz

    Thank you, this is the only usable info on ZF 2 sessions on the net. Please try and publish it more prominent for more devs to see. Most of the other information way too technical. Yes we need that, but Frameworks are suppose to save us time, not sending us back to college.

    Thank you. I implemented another far more complex solution, and by accident saw this. Needless, your post and method just make so much more sense.

    • Hello Billy,

      Thank you so much for your kind words. I really appreciate it! I am very happy that this post helped you.

  9. Juan Manuel Gonzalez Alama

    Thanks for the quick tutorial of using sessions. This is the way I implemented sessions in my app and works fine! But I have a question about the following code:

    $session= new Container('mysession');
    $session->username = 'Andy0708';

    Why if I do this the $session print is infinite? Is this expected? Although if I do print_r($session->username) it works fine, it’s scary that $session is THAT big.

    Thanks again for the tutorial!

    • Hello Juan,

      I am happy that the code is working for you. I am not really sure why print_r prints an infinite array (except that it is related to recursion), although it is something I have experienced many times myself, too. Please try var_dump instead. Anyways, I can recommend you to set up Xdebug on your machine as it really makes debugging so much easier, provided that you are using an IDE such as PhpStorm. And don’t worry, the size of the session is not enormous as print_r might lead one to believe. ;-)

      Thanks for reading.

  10. Pankaj thakur

    how to destroy the session. i created it like

    public function loginAction() {
    	// Store username in session
    	$user_session = new Container('user');
    	$user_session->username = 'Andy0708';
    	return $this->redirect()->toRoute('welcome');

    now how can i destroy it?

    • Hello Pankaj,

      If you want to remove a single value in the session, try this: unset($user_session->username);

      If you want to destroy the session altogether, then try this: $user_session->getManager()->getStorage()->clear();

      If you want to destroy a specific session namespace (in this example the user namespace), then try this: $user_session->getManager()->getStorage()->clear(‘user’);

      I hope that helped.

  11. frddy

    thanks man this works well for all my modules

  12. bhavik

    I am getting the session value in same action but not in another action as well as controller?

    What can be issue?

  13. Azhar

    Can you solve my problem?

    I am storing an array in a session after the login page by using the following code.

    $container = new Container('user');

    where $data is an array. after loggin then i retrieve the same by using the following code.

    $container = new Container('user');

    But i am getting an error when i logged in first time if i referesh the same then its working fine.

    Can you suggest me the exactly why i am getting the error on the first time and the solution of this?

Leave a Reply

Your e-mail address will not be published.