Recommender　systems　are　used　to　assist　users　in　discovering　their　interests　from　websites.　Companies　deployed　various　types　of　recommender　systems,　including　content-based,　collaborative　filtering-based,　and　session-based.　Especially,　session-based　recommender　systems　have　been　deployed　successfully　in　industry.　In　this　work,　we　conduct　the　systematic　study　on　data　poisoning　attacks　to　session-based　recommender　systems.　An　attacker＇s　goal　is　to　promote　a　target　item　such　that　it　can　be　recommended　to　as　many　people　as　possible.　Our　attack　injects　fake　users　with　carefully　crafted　interaction　sessions　(e.g.,　clicking　sessions)　into　the　recommender　system　to　achieve　this　goal.　The　critical　challenge　is　to　choose　and　arrange　the　items　in　interaction　sessions.　We　formulate　our　attack　as　an　optimization　problem　to　address　this　challenge,　so　that　the　injected　sessions　would　maximize　the　number　of　users　to　whom　the　target　items　are　recommended.　We　evaluate　our　experiments　on　several　real-world　datasets,　which　show　that　our　attack　methods　outperform　existing　methods.　©　2022　ACM.