The session tables are obviously handled by Trac alone - the PHP interpreter has no business there. And judging by the column names in the “session” table, the data is not supposed to be cleared out, but left there for future visits.
But you can safely remove the data belonging to unauthenticated users if it’s older than 30 days. That will surely clear up lots of rows in the table, especially if you have many users.