Right, as soon as you load up a session, the ATIME is updated.

The only other option would be to slurp up the contents of the session file, "thaw" it (with whatever you're using as a serializer), and manually check its expiration.

Since we're dealing with an expiration interval of only 5 minutes, the ATIME modification isn't so much of a concern. However, as the expiration interval increases, the modification of the ATIME value becomes more troublesome.