No, you do not have to handle sessions, phalcon does that for you. Just add session to your DI in your startup file like so:
// session
$di->setShared('session', function() {
$session = new \Phalcon\Session\Adapter\Files();
$session->start();
return $session;
});
After that you can read more here: https://docs.phalcon.io/en/latest/reference/session.html
Section "Storing/Retrieving data in Session"
if ($this->session->has("YOUR_SESSION_NAME_HERE")) {
// Logged in
} else {
// Not logged in. Redirect or do something...
}