[eluser]ChiefChirpa[/eluser]
_sess_gc is called whenever you create a session, this function randomly (5% chance) deletes all sessions older than your sess_expiration value.
Also individual sessions are destroyed if they time out, fail to validate, etc...
Take a look at the Session library...