This is how I assume things work:
When you initiate the app, an instance of mainmodule is created,
and a unique session constant is created and associated with that instance,
and this constant is also stored in the browser.
As you go on using the instance, a check is performed for every request,
comparing the browser stored constant with the mainmodule constant,
and as long as these match, the session is considered alive.
Also, a session timeout timer is running at the servermodule, and if this
gets triggered, the session constant is cleared, effectively blocking any
further requests from the browser, and the servermodule then reports
the timeout and offers a reload to the browser.
After using Unigui for a while, I do not really see such a great need for
documentation. I know it sounds weird, but it is almost a good thing that
you have to work a bit in the beginning, having a somewhat steep learning
curve, because you then learn the stuff in a practical way, and that sticks.