In a clustered environment, you use Session Affinity to ensure that requests from the same client always get routed to the same server.
It is mandatory to set up Session Affinity in the load balancers that front the Publisher and Store clusters, and it is optional in the load balancer (if any) that fronts a Key Manager cluster.
However, authentication via session ID fails when Session Affinity is disabled in the load balancer.
The Key Manager first tries to authenticate the request via the session ID. If it fails, the Key Manager tries to authenticate via basic authentication.