They send a 401 to the client if you used a function that reads from an expired session in your APIs