The invention is a method and apparatus for invalidating session data stored in a database. In accordance with the invention, http sessions stored in the database are allowed to remain in the database without real time testing for session time out. Instead, invalid (or timed out) sessions remain in the database until a specified time. At that specified time, all http sessions are invalidated without actually testing them for time out. Alternately, each session can be individually tested for time out and only those sessions which have actually timed out are removed from the database or otherwise invalidated.