I did give some thought to removing that, because as far as I'm aware, it's a file that keeps users logged in, with the assumption that if deleted, all users would again need to login, and the file would be recreated (I'm happy to be corrected @dceejay ).
If so, maybe restoring the .sessions.json
could create more problems than not?
But... it was in @cflurin's original DSM configuration, and this post, which persuaded me to keep it in.
Maybe it should go??