Why is the userIdentity.sessionContext field missing from AwsConsoleAction entries in CloudTrail?

We are processing CloudTrail logs to check and highlight actions not protected by MFA.

When someone signs in as Root all the events with eventType AwsApiCall have sessionContext populated. For events of type AwsConsoleAction it is missing. Can we get the context and MFA state somehow?

(ConsoleAction events do have tlsDetails which is missing for AwsApiCall)