Architecture of session management

I've always been curious as to where to put session communication (getting, setting, etc.) in terms of the architecture of my app. Should it be on the Http layer? By that I mean, Is it good practise to deal with sessions in routes and controllers, or is this a concern of the deeper domain logic and service layers?

I don't know if there's a cut-and-dry answer for this, but I'd be curious to hear others' experiences organising sessions in their apps.