A session is typically defined by your web server - but should form a chain of events. For example, a session is usually from when a user opens your web site to when they close it. Each event requires a session ID so that events can be associated with the same session. If a user browses to a product, adds it to a cart, and orders it - all of these events require the same session ID. Our recommendation is to hash this session ID for obscurity.