Here are two important MSDN articles:
http://support.microsoft.com/kb/317604[
^]
http://support.microsoft.com/kb/311209[
^]
In the first one, there is the following paragraph:
Quote:
If entries in the ASPStateTempSessions table are not removed after the related sessions expire, make sure that the SQL Server agent is running. You can implement this functionality through stored procedures that are scheduled through jobs in SQL Server. The SQL Server agent manages these jobs.
As you see, the deletion is done by a job - thus won't work with SQL Express :(
By default, if you don't specify any initial catalog, the session data is stored in the tempdb (with all it's consequences). But you specified an other database (TEMP, that is not tempdb). Pay attention to the following paragraph in the second article:
Quote:
If you notice that the entries in the ASPStateTempSessions table are not removed after the related sessions have exceeded their expiration, make sure that SQL Server Agent is running. This functionality is implemented through stored procedures that are scheduled through jobs in SQL Server. SQL Server Agent manages these jobs.
You can of course implement other mechanism to handle session timeout, but all on sql server side. Make sure to have the session cookie and the authentication cookie timeout synchronized with the session timeout.
Theoretically, you might not encounter issues with long sessions, but keep in mind, that the database size might grow large. All depends on the number of users you are serving.