The session is created for each website visitor. The time of last user activity is also stored in the session. When last activity time was more than 1 hour (configurable) ago, then session is scheduled for removal from CRON.
The code, that removes inactive sessions was originally developed for Web Request and therefore presumes, that there is always a session that can be used to delete other session. Once executed from CRON it will create session each time it's executed.
Solution
Access "SessionStorage" object directly (instead of asking "Session" object for it) when deleting expired sessions.