Sessions are an attempt to extract a common authentication and communication layer from the existing clients so that we can handle transport security once, and keystone and deployments can add new authentication mechanisms without having to do it for every client...
For most OpenStack services the auth_token middleware component is the only direct interaction the service will have with keystone. It is the piece .