Actually, I just tried that, and it told me that the session has not expired but the session is empty. $cnt has a value only on second and subsequent access to the page. if it is not defined, then I know I haven't accessed the page yet, and so there is no session until I create it in the second part of conditional block. All other accesses ought to have a session object, either a valid one or one that has expired. If the cookie is expired in the browser, then how can the server get the session ID and use that to determine whether or not the session has expired? If the cookie is expired, and thus not sent by the browser, the server can not use ID to determine whether or not the session has expired, let alone attempt to access its data, and this would imply that instead of using is_expired, one must check for the existance of the CGISESSID cookie; and this is what I would have done had the documentation indicated that the only way to determine whether or not the session has expired is to check that cookie. And, in fact, if there is no session cookie, why does function load not return NULL, since it would have no way to know what session data to try to load? I have not looked at checking the cookies, but will, but if your explanation is correct, then the documentation would seem to be misleading.