Hello,
I would say you could delete them... I guess it would be highly unlikely that the same user is still logged on with the same session (without logging off / logging on again), right?
What is the value of the parameter "http/security_session_timeout"?
Which is the release and patch level of the SAP kernel in use?
Regards,
Isaías