Glad to help!
The rt-clean-sessions cronjob is still needed or is cleanup done on every user action?
I looked at the code very quick and it looks like the old session will still be stored in the database but the user will still be required to create a new session by loggin in again
if ( $last_update && ( $now - $last_update - RT->Config->Get('AutoLogoff') ) > 0 ) {
InstantiateNewSession();
}
So yes, I do believe you need to clean out your sessions table in the DB. But just to remove clutter not to ensure the user is properly logged out.
I’ll test it and create a wiki page, so it’s easier to find searching for terms like “session timeout”.
Definitely a good idea!