diff --git a/core/modules/node/node.admin.inc b/core/modules/node/node.admin.inc
index ac18da7..493dd52 100644
--- a/core/modules/node/node.admin.inc
+++ b/core/modules/node/node.admin.inc
@@ -1,6 +1,7 @@
 <?php
 
 use Drupal\Core\Database\Query\SelectInterface;
+use Drupal\Core\Session\Session;
 
 /**
  * @file
@@ -129,7 +130,8 @@ function node_filters() {
  */
 function node_build_filter_query(SelectInterface $query) {
   // Build query
-  $filter_data = isset($_SESSION['node_overview_filter']) ? $_SESSION['node_overview_filter'] : array();
+  $session = drupal_get_session();
+  $filter_data = $session->has('node_overview_filter') ? $session->get('node_overview_filter') : array();
   foreach ($filter_data as $index => $filter) {
     list($key, $value) = $filter;
     switch ($key) {
@@ -156,7 +158,8 @@ function node_build_filter_query(SelectInterface $query) {
  * @ingroup forms
  */
 function node_filter_form() {
-  $session = isset($_SESSION['node_overview_filter']) ? $_SESSION['node_overview_filter'] : array();
+  $session = drupal_get_session();
+  $session = $session->has('node_overview_filter') ? $session->get('node_overview_filter') : array();
   $filters = node_filters();
 
   $i = 0;
@@ -250,11 +253,12 @@ function node_filter_form_submit($form, &$form_state) {
         }
       }
       break;
+    $session = drupal_get_session();
     case t('Undo'):
       array_pop($_SESSION['node_overview_filter']);
       break;
     case t('Reset'):
-      $_SESSION['node_overview_filter'] = array();
+      $session->set('node_overview_filter') = array();
       break;
   }
 }
diff --git a/core/modules/overlay/overlay.install b/core/modules/overlay/overlay.install
index 2fa7c84..4e82d29 100644
--- a/core/modules/overlay/overlay.install
+++ b/core/modules/overlay/overlay.install
@@ -1,5 +1,7 @@
 <?php
 
+use Drupal\Core\Session\Session;
+
 /**
  * @file
  * Install, update and uninstall functions for the overlay module.
@@ -12,8 +14,9 @@
  * install profile, reopen the modules page in an overlay.
  */
 function overlay_enable() {
+  $session = drupal_get_session();
   if (strpos(current_path(), 'admin/modules') === 0) {
     // Flag for a redirect to <front>#overlay=admin/modules on hook_init().
-    $_SESSION['overlay_enable_redirect'] = 1;
+    $session->set('overlay_enable_redirect') = 1;
   }
 }
diff --git a/core/modules/overlay/overlay.module b/core/modules/overlay/overlay.module
index 144c2ab..a197e39 100644
--- a/core/modules/overlay/overlay.module
+++ b/core/modules/overlay/overlay.module
@@ -1,5 +1,6 @@
 <?php
 
+use Drupal\Core\Session\Session;
 /**
  * @file
  * Displays the Drupal administration interface in an overlay.
@@ -118,6 +119,7 @@ function overlay_user_presave(&$edit, $account) {
  */
 function overlay_init() {
   global $user;
+  $session = drupal_get_session();
 
   $mode = overlay_get_mode();
 
@@ -128,17 +130,17 @@ function overlay_init() {
     $current_path = current_path();
     // After overlay is enabled on the modules page, redirect to
     // <front>#overlay=admin/modules to actually enable the overlay.
-    if (isset($_SESSION['overlay_enable_redirect']) && $_SESSION['overlay_enable_redirect']) {
-      unset($_SESSION['overlay_enable_redirect']);
+    if ($session->has('overlay_enable_redirect') && $session->get('overlay_enable_redirect')) {
+      $session->remove('overlay_enable_redirect');
       drupal_goto('<front>', array('fragment' => 'overlay=' . $current_path));
     }
 
     if (isset($_GET['render']) && $_GET['render'] == 'overlay') {
       // If a previous page requested that we close the overlay, close it and
       // redirect to the final destination.
-      if (isset($_SESSION['overlay_close_dialog'])) {
-        call_user_func_array('overlay_close_dialog', $_SESSION['overlay_close_dialog']);
-        unset($_SESSION['overlay_close_dialog']);
+      if ($session->has('overlay_close_dialog')) {
+        call_user_func_array('overlay_close_dialog', $session->get('overlay_close_dialog'));
+        $session->remove('overlay_close_dialog');
       }
       // If this page shouldn't be rendered inside the overlay, redirect to the
       // parent.
@@ -232,6 +234,7 @@ function overlay_library_info() {
  * Implements hook_drupal_goto_alter().
  */
 function overlay_drupal_goto_alter(&$path, &$options, &$http_response_code) {
+  $session = drupal_get_session();
   if (overlay_get_mode() == 'child') {
     // The authorize.php script bootstraps Drupal to a very low level, where
     // the PHP code that is necessary to close the overlay properly will not be
@@ -240,7 +243,7 @@ function overlay_drupal_goto_alter(&$path, &$options, &$http_response_code) {
     // close the overlay there before redirecting to the final destination; see
     // overlay_init().
     if ($path == system_authorized_get_url() || $path == system_authorized_batch_processing_url()) {
-      $_SESSION['overlay_close_dialog'] = array($path, $options);
+      $session->set('overlay_close_dialog') = array($path, $options);
       $path = current_path();
       $options = drupal_get_query_parameters();
     }
@@ -937,7 +940,8 @@ function overlay_request_refresh($region) {
  * @see overlay_trigger_refresh()
  */
 function overlay_request_page_refresh() {
-  $_SESSION['overlay_refresh_parent'] = TRUE;
+  $session = drupal_get_session();
+  $session->set('overlay_refresh_parent') = TRUE;
 }
 
 /**
@@ -953,18 +957,19 @@ function overlay_request_page_refresh() {
  * @see Drupal.overlay.refreshRegions()
  */
 function overlay_trigger_refresh() {
-  if (!empty($_SESSION['overlay_regions_to_refresh'])) {
+  $session = drupal_get_session();
+  if (!empty($session->get('overlay_regions_to_refresh'))) {
     $settings = array(
       'overlayChild' => array(
-        'refreshRegions' => $_SESSION['overlay_regions_to_refresh'],
+        'refreshRegions' => $session->get('overlay_regions_to_refresh'),
       ),
     );
     drupal_add_js($settings, array('type' => 'setting'));
-    unset($_SESSION['overlay_regions_to_refresh']);
+    $session->remove('overlay_regions_to_refresh');
   }
-  if (!empty($_SESSION['overlay_refresh_parent'])) {
+  if (!empty($session->get('overlay_refresh_parent'))) {
     drupal_add_js(array('overlayChild' => array('refreshPage' => TRUE)), array('type' => 'setting'));
-    unset($_SESSION['overlay_refresh_parent']);
+    $session->remove('overlay_refresh_parent');
   }
 }
 
diff --git a/core/modules/system/system.module b/core/modules/system/system.module
index 200a335..33c0212 100644
--- a/core/modules/system/system.module
+++ b/core/modules/system/system.module
@@ -1,5 +1,7 @@
 <?php
 
+use Drupal\Core\Session\Session;
+
 /**
  * @file
  * Configuration system that lets administrators modify the workings of the site.
@@ -1824,10 +1826,11 @@ function system_authorized_init($callback, $file, $arguments = array(), $page_ti
   // First, figure out what file transfer backends the site supports, and put
   // all of those in the SESSION so that authorize.php has access to all of
   // them via the class autoloader, even without a full bootstrap.
-  $_SESSION['authorize_filetransfer_info'] = drupal_get_filetransfer_info();
+  $session = drupal_get_session();
+  $session->set('authorize_filetransfer_info') = drupal_get_filetransfer_info();
 
   // Now, define the callback to invoke.
-  $_SESSION['authorize_operation'] = array(
+  $session->set('authorize_operation') = array(
     'callback' => $callback,
     'file' => $file,
     'arguments' => $arguments,
@@ -1936,6 +1939,7 @@ function system_filetransfer_info() {
  * Implements hook_init().
  */
 function system_init() {
+  $session = drupal_get_session();
   $path = drupal_get_path('module', 'system');
   // Add the CSS for this module. These aren't in system.info, because they
   // need to be in the CSS_SYSTEM group rather than the CSS_DEFAULT group.
@@ -1956,14 +1960,14 @@ function system_init() {
   // That way, that user will see their changes immediately while for other
   // users we still get the benefits of having a slave server, just with slightly
   // stale data.  Code that wants to disable the slave server should use the
-  // db_set_ignore_slave() function to set $_SESSION['ignore_slave_server'] to
+  // db_set_ignore_slave() function to set $session->('ignore_slave_server') to
   // the timestamp after which the slave can be re-enabled.
-  if (isset($_SESSION['ignore_slave_server'])) {
-    if ($_SESSION['ignore_slave_server'] >= REQUEST_TIME) {
+  if (isset($session->get('ignore_slave_server'))) {
+    if ($session->get('ignore_slave_server') >= REQUEST_TIME) {
       Database::ignoreTarget('default', 'slave');
     }
     else {
-      unset($_SESSION['ignore_slave_server']);
+      $session->remove('ignore_slave_server');
     }
   }
 
diff --git a/core/modules/update/update.authorize.inc b/core/modules/update/update.authorize.inc
index 48dfd35..b29e1c2 100644
--- a/core/modules/update/update.authorize.inc
+++ b/core/modules/update/update.authorize.inc
@@ -10,6 +10,7 @@
  */
 
 use Drupal\Core\Updater\UpdaterException;
+use Drupal\Core\Session\Session;
 
 /**
  * Callback invoked by authorize.php to update existing projects.
@@ -175,6 +176,7 @@ function update_authorize_batch_copy_project($project, $updater_name, $local_url
  * back online and clearing the update status cache after a successful update.
  */
 function update_authorize_update_batch_finished($success, $results) {
+  $session = drupal_get_session();
   foreach ($results['log'] as $project => $messages) {
     if (!empty($messages['#abort'])) {
       $success = FALSE;
@@ -187,7 +189,7 @@ function update_authorize_update_batch_finished($success, $results) {
     _update_authorize_clear_update_status();
 
     // Take the site out of maintenance mode if it was previously that way.
-    if ($offline && isset($_SESSION['maintenance_mode']) && $_SESSION['maintenance_mode'] == FALSE) {
+    if ($offline && $session->has('maintenance_mode') && $session->get('maintenance_mode') == FALSE) {
       variable_set('maintenance_mode', FALSE);
       $page_message = array(
         'message' => t('Update was completed successfully. Your site has been taken out of maintenance mode.'),
@@ -219,7 +221,7 @@ function update_authorize_update_batch_finished($success, $results) {
   $results['tasks'][] = t('<a href="@update">Run database updates</a>', array('@update' => base_path() . 'core/update.php'));
 
   // Unset the variable since it is no longer needed.
-  unset($_SESSION['maintenance_mode']);
+  $session->remove('maintenance_mode');
 
   // Set all these values into the SESSION so authorize.php can display them.
   $_SESSION['authorize_results']['success'] = $success;
diff --git a/core/modules/update/update.manager.inc b/core/modules/update/update.manager.inc
index f7881d4..e1a310f 100644
--- a/core/modules/update/update.manager.inc
+++ b/core/modules/update/update.manager.inc
@@ -1,5 +1,7 @@
 <?php
 
+use Drupal\Core\Session\Session;
+
 /**
  * @file
  * Administrative screens and processing functions for the update manager.
@@ -335,6 +337,7 @@ function update_manager_update_form_submit($form, &$form_state) {
  * Batch callback invoked when the download batch is completed.
  */
 function update_manager_download_batch_finished($success, $results) {
+  $session = drupal_get_session();
   if (!empty($results['errors'])) {
     $error_list = array(
       'title' => t('Downloading updates failed:'),
@@ -344,7 +347,7 @@ function update_manager_download_batch_finished($success, $results) {
   }
   elseif ($success) {
     drupal_set_message(t('Updates downloaded successfully.'));
-    $_SESSION['update_manager_update_projects'] = $results['projects'];
+    $session->set('update_manager_update_projects') = $results['projects'];
     drupal_goto('admin/update/ready');
   }
   else {
@@ -406,21 +409,22 @@ function update_manager_update_ready_form($form, &$form_state) {
  * @see system_authorized_get_url()
  */
 function update_manager_update_ready_form_submit($form, &$form_state) {
+  $session = drupal_get_session();
   // Store maintenance_mode setting so we can restore it when done.
-  $_SESSION['maintenance_mode'] = variable_get('maintenance_mode', FALSE);
+  $session->set('maintenance_mode') = variable_get('maintenance_mode', FALSE);
   if ($form_state['values']['maintenance_mode'] == TRUE) {
     variable_set('maintenance_mode', TRUE);
   }
 
-  if (!empty($_SESSION['update_manager_update_projects'])) {
+  if ($session->has('update_manager_update_projects')) {
     // Make sure the Updater registry is loaded.
     drupal_get_updaters();
 
     $updates = array();
     $directory = _update_manager_extract_directory();
 
-    $projects = $_SESSION['update_manager_update_projects'];
-    unset($_SESSION['update_manager_update_projects']);
+    $projects = $session->get('update_manager_update_projects');
+    $session->remove('update_manager_update_projects');
 
     foreach ($projects as $project => $url) {
       $project_location = $directory . '/' . $project;
diff --git a/core/modules/user/user.admin.inc b/core/modules/user/user.admin.inc
index 8de4fb9..761634d 100644
--- a/core/modules/user/user.admin.inc
+++ b/core/modules/user/user.admin.inc
@@ -1,5 +1,7 @@
 <?php
 
+use Drupal\Core\Session\Session;
+
 /**
  * @file
  * Admin page callback file for the user module.
@@ -32,7 +34,8 @@ function user_admin($callback_arg = '') {
  * @see user_filter_form_submit()
  */
 function user_filter_form() {
-  $session = isset($_SESSION['user_overview_filter']) ? $_SESSION['user_overview_filter'] : array();
+  $session = drupal_get_session();
+  $session = $session->has('user_overview_filter') ? $session->get('user_overview_filter') : array();
   $filters = user_filters();
 
   $i = 0;
diff --git a/core/modules/user/user.module b/core/modules/user/user.module
index 3b1d9cb..9d0157d 100644
--- a/core/modules/user/user.module
+++ b/core/modules/user/user.module
@@ -1,6 +1,7 @@
 <?php
 
 use Drupal\Core\Database\Query\SelectInterface;
+use Drupal\Core\Session\Session;
 
 /**
  * @file
@@ -920,6 +921,7 @@ function user_user_view($account) {
  * @see user_validate_mail()
  */
 function user_account_form(&$form, &$form_state) {
+  $session = drupal_get_session();
   global $user;
 
   $account = $form['#user'];
@@ -968,7 +970,8 @@ function user_account_form(&$form, &$form_state) {
     );
     // To skip the current password field, the user must have logged in via a
     // one-time link and have the token in the URL.
-    $pass_reset = isset($_SESSION['pass_reset_' . $account->uid]) && isset($_GET['pass-reset-token']) && ($_GET['pass-reset-token'] == $_SESSION['pass_reset_' . $account->uid]);
+    // $pass_reset = isset($session->get['pass_reset_' . $account->uid]) && isset($_GET['pass-reset-token']) && ($_GET['pass-reset-token'] ==$session->get['pass_reset_' . $account->uid]);
+    $pass_reset = $session->has('pass_reset_' . $account->uid) && isset($_GET['pass-reset-token']) && ($_GET['pass-reset-token'] == $session->get('pass_reset_' . $account->uid));
     $protected_values = array();
     $current_pass_description = '';
     // The user may only change their own password without their current
@@ -3360,7 +3363,7 @@ function user_filters() {
 function user_build_filter_query(SelectInterface $query) {
   $filters = user_filters();
   // Extend Query with filter conditions.
-  foreach (isset($_SESSION['user_overview_filter']) ? $_SESSION['user_overview_filter'] : array() as $filter) {
+  foreach ($session->has('user_overview_filter') ? $session->get('user_overview_filter') : array() as $filter) {
     list($key, $value) = $filter;
     // This checks to see if this permission filter is an enabled permission for
     // the authenticated role. If so, then all users would be listed, and we can
diff --git a/core/modules/user/user.pages.inc b/core/modules/user/user.pages.inc
index f24849c..64c758a 100644
--- a/core/modules/user/user.pages.inc
+++ b/core/modules/user/user.pages.inc
@@ -1,5 +1,7 @@
 <?php
 
+use Drupal\Core\Session\Session;
+
 /**
  * @file
  * User page callback file for the user module.
@@ -90,6 +92,7 @@ function user_pass_submit($form, &$form_state) {
  * Menu callback; process one time login link and redirects to the user page on success.
  */
 function user_pass_reset($form, &$form_state, $uid, $timestamp, $hashed_pass, $action = NULL) {
+  $session = drupal_get_session();
   global $user;
 
   // When processing the one-time login link, we have to make sure that a user
@@ -137,7 +140,7 @@ function user_pass_reset($form, &$form_state, $uid, $timestamp, $hashed_pass, $a
           drupal_set_message(t('You have just used your one-time login link. It is no longer necessary to use this link to log in. Please change your password.'));
           // Let the user's password be changed without the current password check.
           $token = drupal_hash_base64(drupal_random_bytes(55));
-          $_SESSION['pass_reset_' . $user->uid] = $token;
+          $session->set('pass_reset_' . $user->uid) = $token;
           drupal_goto('user/' . $user->uid . '/edit', array('query' => array('pass-reset-token' => $token)));
         }
         else {
@@ -281,8 +284,9 @@ function user_profile_form_submit($form, &$form_state) {
 
   if (!empty($edit['pass'])) {
     // Remove the password reset tag since a new password was saved.
-    unset($_SESSION['pass_reset_'. $account->uid]);
-  }
+   // unset($_SESSION['pass_reset_'. $account->uid]);
+    $session->remove('pass_reset_'. $account->uid);
+   }
   // Clear the page cache because pages can contain usernames and/or profile information:
   cache_clear_all();