Yes, but it is above our code... We close the session once we are done. You need to open it again directly above your code that sets the session value.
The one you have on top is unnecessary since we open the session in the connection and authentication code, but we close it when we are done. That leaves it closed by the time your code runs.