Recently I noticed that a site that uses Magento has not been cleaning up the session files. I created a cron job to clean up the files
find [path to magento install]/var/session/ -name “sess*” -atime +0 -type f -delete
Which deletes all the files older than 0 days (e.g. > 24 hours).
After I put this change in, I found an article recommending something similar (though they would have the sessions be kept for a week).
For a discussion of the different “time” arguments (mtime, ctime, atime) go here.