Passthrough sessions are sessions that occur when a user starts an application that is located on a remote server from his Workspace Control session. When the user starts the application, a new session is started on the remote server to deliver the application to the user's desktop. This can be a Citrix XenApp published application or a Microsoft RemoteApp applications. With the option Always allow passthrough sessions, you can exclude these sessions from the security restrictions on Sessions.
You can read more about Citrix XenApp published applications and Microsoft RemoteApp applications in the chapter Integration.