I don't know much about how session works, but I have seen some code "keep alive" a session even though there is no actual user interaction happening.
Example, under some circumstances editing an article in the CMS will "keep alive" a session long past any session expiration time limit.
I believe this is mostly expected behavior, from my understanding the "expiration" is really the limit of when the session should close if there are no "user actions".
But I'm not sure what event's constitute "user actions", when an action should start a "keep alive" process (like editing) or what will kill a "keep alive" process to allow the session expiration timer to restart.