That's the only way that I know to do it. However, it is partly for this reason that I use an SQL database to store session information. Not only is it tidier than "files," but it also gives you a very-direct way to store ancillary information such as expiry-dates.

I do know that PHP's session-handler provides a way for you to set a random (small...) probability that session-file cleanup should be done automagically. At random intervals, someone somewhere gets stuck with the job. Personally, though, I think that a cron-based process is fairer and cleaner.