a Symfony Product

The PHP micro-framework
based on the Symfony Components

Silex is in maintenance mode. Ends of life is set to June 2018.
Use Symfony 4 instead. Read more on Symfony's blog.
You are reading the documentation for Silex 2.0. Switch to the documentation for Silex 1.3.

Questions & Feedback


Creative Commons License Silex documentation is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License.


The SessionServiceProvider provides a service for storing data persistently between requests.


  • session.storage.save_path (optional): The path for the NativeFileSessionHandler, defaults to the value of sys_get_temp_dir().

  • session.storage.options: An array of options that is passed to the constructor of the session.storage service.

    In case of the default NativeSessionStorage, the most useful options are:

    • name: The cookie name (_SESS by default)
    • id: The session id (null by default)
    • cookie_lifetime: Cookie lifetime
    • cookie_path: Cookie path
    • cookie_domain: Cookie domain
    • cookie_secure: Cookie secure (HTTPS)
    • cookie_httponly: Whether the cookie is http only

    However, all of these are optional. Default Sessions life time is 1800 seconds (30 minutes). To override this, set the lifetime option.

    For a full list of available options, read the PHP official documentation.

  • session.test: Whether to simulate sessions or not (useful when writing functional tests).

  • session.attribute_bag (optional): The attribute bag service to use in the session. Instance of AttributeBagInterface.

  • session.flash_bag (optional): The flash bag service to use in the session. Instance of FlashBagInterface.


  • session: An instance of Symfony’s Session.
  • session.storage: A service that is used for persistence of the session data.
  • session.storage.handler: A service that is used by the session.storage for data access. Defaults to a NativeFileSessionHandler storage handler.


$app->register(new Silex\Provider\SessionServiceProvider());

Using Handlers

The default session handler is NativeFileSessionHandler. However, there are multiple handlers available for use by setting session.storage.handler to an instance of one of the following handler objects:


The Session provider provides a session service. Here is an example that authenticates a user and creates a session for them:

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

$app->get('/login', function (Request $request) use ($app) {
    $username = $request->server->get('PHP_AUTH_USER', false);
    $password = $request->server->get('PHP_AUTH_PW');

    if ('igor' === $username && 'password' === $password) {
        $app['session']->set('user', array('username' => $username));
        return $app->redirect('/account');

    $response = new Response();
    $response->headers->set('WWW-Authenticate', sprintf('Basic realm="%s"', 'site_login'));
    $response->setStatusCode(401, 'Please sign in.');
    return $response;

$app->get('/account', function () use ($app) {
    if (null === $user = $app['session']->get('user')) {
        return $app->redirect('/login');

    return "Welcome {$user['username']}!";

Custom Session Configurations

If your system is using a custom session configuration (such as a redis handler from a PHP extension) then you need to disable the NativeFileSessionHandler by setting session.storage.handler to null. You will have to configure the session.save_path ini setting yourself in that case.

$app['session.storage.handler'] = null;
Website powered by Symfony and Twig, deployed on
The Silex logo is © 2010-2018 Symfony