Just want to know how the expired session were deleted from DB, do better-auth handled this or we have to manage manually?