[eluser]WanWizard[/eluser]
In the session library.
A session expires by setting an expiration time on the session cookie. If the expiration time is passed, the browser will delete the cookie, and not send it to the application, which causes the creation of a new session. So this process is client-side, you can't influence it.
The session library also has a garbage collection method, that takes care of deleting expired session records. You might want to extend that method, first query all expired records, do what you have to do, then delete them.