diff --git a/classes/Session.php b/classes/Session.php
index e1c83ad4dc..b9daf364db 100644
--- a/classes/Session.php
+++ b/classes/Session.php
@@ -87,6 +87,7 @@ class Session extends Memcached_DataObject
             $session->id           = $id;
             $session->session_data = $session_data;
             $session->created      = common_sql_now();
+            $session->modified     = common_sql_now();
 
             $result = $session->insert();
 
@@ -108,6 +109,7 @@ class Session extends Memcached_DataObject
                 $orig = clone($session);
 
                 $session->session_data = $session_data;
+                $session->modified     = common_sql_now();
 
                 $result = $session->update($orig);
 
@@ -156,6 +158,13 @@ class Session extends Memcached_DataObject
         $session->selectAdd();
         $session->selectAdd('id');
 
+        $limit = common_config('sessions', 'gc_limit');
+        if ($limit > 0) {
+            // On large sites, too many sessions to expire
+            // at once will just result in failure.
+            $session->limit($limit);
+        }
+
         $session->find();
 
         while ($session->fetch()) {
diff --git a/classes/statusnet.ini b/classes/statusnet.ini
index ef631e28d3..29fde93b5d 100644
--- a/classes/statusnet.ini
+++ b/classes/statusnet.ini
@@ -513,7 +513,20 @@ profile_id = K
 id = 130
 session_data = 34
 created = 142
-modified = 384
+modified = 142
+; Warning: using DB_DATAOBJECT_MYSQLTIMESTAMP (256) causes DB_DataObject
+; to SILENTLY REMOVE ATTEMPTS TO SET THIS FIELD DIRECTLY, which is pretty
+; bad because the default behavior for auto-updated TIMESTAMP fields is
+; to use local time. Local time can't be compared to UTC in any useful
+; way, so doing that breaks session GC.
+;
+; Instead we'll use the plain datetime settings so it'll actually save the
+; UTC value we provide when updating.
+;
+; Long-term fix: punch MySQL in the face until it understands that local
+; time is a tool of the cyber-devil.
+;
+;modified = 384
 
 [session__keys]
 id = K
diff --git a/lib/default.php b/lib/default.php
index ce61de5ea5..405213fbea 100644
--- a/lib/default.php
+++ b/lib/default.php
@@ -269,8 +269,9 @@ $default =
         'search' =>
         array('type' => 'fulltext'),
         'sessions' =>
-        array('handle' => false, // whether to handle sessions ourselves
-              'debug' => false), // debugging output for sessions
+        array('handle' => false,   // whether to handle sessions ourselves
+              'debug' => false,    // debugging output for sessions
+              'gc_limit' => 1000), // max sessions to expire at a time
         'design' =>
         array('backgroundcolor' => null, // null -> 'use theme default'
               'contentcolor' => null,