Session logging is a useful troubleshooting tool for debugging policy problems.
When creating or editing a security rule, an option to log the transaction is available with two options, Log at Session Start or Log at Session End.
For regular logging, the best practice is to log at session end.
The reason for that is that applications are likely to change throughout the lifespan of the session.
A separate session start log is created for each individual application detected during the lifespan of a session. For example, "facebook" it will show "SSL", then "facebook-base" and other facebook related applications depending on the user's activity on the website, and if SSL decryption is configured.
Logging at "session start" is normally done for troubleshooting purpose as this puts extra load on the management plane's CPU.
Additional Information
Monitor logs displaying facebook in the start and end of sessions (including ssl, facebook-base)