Session keys are often negotiated between the client and the server, based on a mutual agreement. The validity period of such a key depends on the session duration for which it was generated. Since the validity is relatively small, the encryption is sufficient for this period.
If session keys are transmitted, they are encrypted with exchange keys. These are generally asymmetric keys that can only be decrypted by the recipient.