Just to close the loop here: a support case was opened for this request.
OTK Session DB should not be used directly. The corresponding encapsulated assertions found in 'manage/session' folder should be used instead.
A sample has been attached here.
To test:
1) Publish a Web API, name it whatever you see fit
2) Import the policy
3) Navigate to the published service created above in a browser and you will be presented with 3 options, STORE, GET, DELETE.
4) Click the STORE option first, it will store the session data
5) Navigate back to the main page and click GET, it will return the data cached previously.
6) Navigate back to the main page and click DELETE, it will now delete the session data. This can be confirmed by again choosing the GET option which will now return empty values.