Enable-SPSessionStateService will do the following:
Creates a session state database and turns on the session state service.
Nice! Everything runs smoothly until the following health rule generates a warning:
Expired sessions are not being deleted from the ASP.NET Session State database.
Strange? Not so. According to the permissions and security settings article, your main account only needs dbcreator and securityadmin rights. But, when you enable the session state service, a job has to be created under the SQL Agent Service, which you need sysadmin rights for. So if your account only has dbcreator and securityadmin at runtime, kindly ask the SQL team to give sysadmin for just a sec.
If you already created the service application with the wrong SQL permissions, you can always manually create a job under the SQL Agent Service to execute the “DeleteExpiredSessions job”.