Overview#SessionData as HTTP is stateless, in order to associate a request to any other request, there could be a need to store SessionData between HTTP Requests.
The Best Practices solution is to store that data server-side and only pass the SessionData by-reference and client only knows that reference id and that it must pass the SessionData to the server with each request.
More Information#There might be more information for this subject on one of the following:
Add new attachment
Only authorized users are allowed to upload new attachments.