Session is wrapped in the session class, never access directly session variables with $_SESSION['myvar'] but use always $session->Get("myvar")

Never use session_start(), just instantiate the session class which does what's necessary (regenerating a new session ID for security reasons).