sounds like session_data is still protected

description

eg _session_data on session object.

Also, are they accessible from the web side? If not, this is the first pb to solve independantly of this patch.

todo by<not specified>
activity of#9b60c659e2ee [shared data] remove get/set_shared_data api