Managing User Sessions via API

I am leveraging the pdpyras python module for API interaction with PagerDuty.

I am able to successfully query and gather all “active sessions” for users, per the following reference:
https://developer.pagerduty.com/api-reference/reference/REST/openapiv3.json/paths/~1users~1{id}~1sessions/get

What I am not sure about, is what constitutes an “Active session.” For many users (including myself, the primary PagerDuty admin), there are sessions returned on this query that date back months in age, and I am sure that I am not still using those sessions. When I query my own sessions, I get 40+ back.

The reason I was interested was so that I could query this information to validate that our users have switched over to SSO since we have enabled it. With the data I am getting back, I cannot comfortably rely on it to verify users have performed a recent login.

When does a session expire in PagerDuty, if it was not exited properly? (IE, via clicking Logout.)
Is this configurable?

I seem to recall 90 days for some sessions, maybe mobile. I don’t think we have an actual session clean-up or expiration that’s reliably used across the board today. Nothing configurable today.

I’ve created solutions for other customers to assess active/inactive sessions by using this session data and then querying the incident log entries endpoint to see if the user has done anything recently. If not, I’d kill the older sessions.