In the same session you can store it like that, I thought you ment two different runtimes.
$_SESSION are unique to you, as long as they don't have your session cookie id, they can't access it. If they don't hack your application and grab it from there, but then you have other problems.
$_SESSION size are limited to PHP memory, and are stored serialized on file, so that's not something I would recommend. I would go for a cache engine instead, like redis or memcache.