Sessions are not deleted from database

Old sessions are only deleted under 2 conditions:

1. If a user uses the `DeleteSession` endpoint
2. If a user uses an expired refresh token for `GetAuthToken` endpoint

Overtime sessions will add up in database, maybe something should be done
