PHP has built in session handling and the ability to store them to local, in memory, RDBMS database, or you can implement SessionHandlerInterface, SessionIdInterface with your own custom class.

It's probably the most battle hardened session system ever.