[eluser]TheFuzzy0ne[/eluser]
Looks pretty standard to me.
Yes, any sessions where the last activity is more than 15 days ago will be removed from the database.
The intermittent sessions. Do they still remain in the database or are they cleared? If they are still in the database, that suggests to me that there is a problem with the cookies.
What authentication methods are being used at the beginning of each request? I use a method that refreshes the userdata on each request, and checks to see whether or not the user has been suspended, as I don't want suspended users running around on the site just because they haven't deleted their cookie, so I delete the cookie for them.