Session files cleanup

So I noticed that (expired)session-files are not being deleted automatically? Maybe that is intended behavior in a dev-environment? If not, how is that cleanup influenced? (or in other words, what did I propably mess up :stuck_out_tongue:). Because I just deleted 1000+ session-files manually.

I have double checked, I do not set any gcInterval value, but it should default at 100? So that doesn’t make sence.

One thing I just realized is I do a login-action on page-reload (for testing purposes). So everytime I hit F5 it does a new login via the api/auth/login. It does create a new session for every login request. Will those never expire as suggested by the comment in the info-blob under the section timeout?

If that is the case I would classify this behavoir as bug-like? I mean internet connections are not that reliable to prevent double-calls (or lack of logout calls).