diff --git a/session_api.install b/session_api.install
index 75e27ae..141ffaf 100644
--- a/session_api.install
+++ b/session_api.install
@@ -17,6 +17,11 @@ function session_api_schema() {
         'length' => 64,
         'not null' => TRUE,
       ),
+      'timestamp' => array(
+        'type' => 'int',
+        'not null' => TRUE,
+        'default' => 0,
+      ),
     ),
     'primary key' => array('sid'),
     'unique keys' => array(
@@ -37,3 +42,16 @@ function session_api_update_6100() {
 
   return $ret;
 }
+
+/**
+ * Add a timestamp field.
+ */
+function session_api_update_7001() {
+  db_add_field('session_api', 'timestamp', array(
+    'type' => 'int',
+    'unsigned' => TRUE,
+    'not null' => TRUE,
+    'default' => 0,
+    'disp-size' => 11,
+  ));
+}
diff --git a/session_api.module b/session_api.module
index 016f8b9..0a6f975 100644
--- a/session_api.module
+++ b/session_api.module
@@ -31,7 +31,7 @@ function session_api_start_session() {
  */
 function session_api_get_sid($create = TRUE) {
   static $sid;
-
+$sid = NULL;
   if ($create) {
     // Must initialize sessions for anonymous users.
     session_api_start_session();
@@ -54,10 +54,10 @@ function session_api_get_sid($create = TRUE) {
     else if (!$create) {
       // Return a negative value here, since it won't collide with any
       // session_api IDs.
-    	return -1;
+      return -1;
     }
     else {
-       $session_id = md5(ip_address() . time() . drupal_get_private_key());
+       $session_id = md5(ip_address() . REQUEST_TIME . drupal_get_private_key());
     }
 
     // For the cookie we use the same domain that Drupal's own session cookie uses.
@@ -66,19 +66,21 @@ function session_api_get_sid($create = TRUE) {
     if ($sid) {
       $rec = new stdClass;
       $rec->sid = $sid;
+      $rec->timestamp = REQUEST_TIME;
       $rec->session_id = $session_id;
       drupal_write_record('session_api', $rec, 'sid');
-      setcookie('session_api_session', $session_id, time() + variable_get('session_api_cookie_expire_time', 2592000), '/', $cookie_domain);
+      setcookie('session_api_session', $session_id, REQUEST_TIME + variable_get('session_api_cookie_expire_time', 2592000), '/', $cookie_domain);
     }
     // No sid exists, create new one.
     else {
       $rec = new stdClass();
+      $rec->timestamp = REQUEST_TIME;
       $rec->session_id = $session_id;
       drupal_write_record('session_api', $rec);
       $sid = $rec->sid;
 
       // Set cookie.
-      setcookie('session_api_session', $session_id, time() + variable_get('session_api_cookie_expire_time', 2592000), '/', $cookie_domain);
+      setcookie('session_api_session', $session_id, REQUEST_TIME + variable_get('session_api_cookie_expire_time', 2592000), '/', $cookie_domain);
     }
   }
   return $sid;
@@ -105,11 +107,12 @@ function session_api_menu() {
  */
 function session_api_cron() {
   // Fetch list of outdated sids.
-  $result = db_query("SELECT sap.sid FROM {session_api} sap LEFT JOIN {sessions} s ON (sap.session_id = s.sid) WHERE s.sid IS NULL");
-  $outdated_sids = array();
-  foreach ($result as $session) {
-    $outdated_sids[] = $session->sid;
-  }
+  $query = db_select('session_api', 'sap');
+  $query->leftJoin('sessions', 's', 'sap.sid = s.sid');
+  $query->fields('sap', array('sid'));
+  $query->condition('sap.timestamp', REQUEST_TIME - variable_get('session_api_cookie_expire_time', 2592000), '<');
+  $outdated_sids = $query->execute()->fetchCol();
+
   if (!empty($outdated_sids)) {
     module_invoke_all('session_api_cleanup', $outdated_sids);
     db_query('DELETE FROM {session_api} WHERE sid IN (' . implode(',', $outdated_sids) . ')');