I see read-only sessions being updated in various ways.

The most frequent is:

Script /lib/ajax/getnavbranch.php defined READ_ONLY_SESSION but the following SESSION attributes were changed: $SESSION->activegroup

Usually observed with referrer: /user/index.php or /my/.

There's also these ones, though not quite as common:

Script /lib/ajax/service.php?info=tool_mobile_get_public_config&lang=he defined READ_ONLY_SESSION but the following SESSION attributes were changed: $SESSION->lang

Script /lib/ajax/service.php?sesskey=(hidden)&info=core_calendar_get_action_events_by_timesort defined READ_ONLY_SESSION but the following SESSION attributes were changed: $SESSION->lang

Script /lib/ajax/service.php?sesskey=(hidden)&info=media_videojs_get_language defined READ_ONLY_SESSION but the following SESSION attributes were changed: $SESSION->lang

Script /lib/ajax/service.php?sesskey=(hidden)&info=core_courseformat_get_state defined READ_ONLY_SESSION but the following SESSION attributes were changed: $SESSION->lang