Expires are handled from server-side. The only way to tell if a session is expired is to try making a server-side call.
If the app is up, the library will automatically send a heartbeat message to the server to keep the connection alive (even if you aren't otherwise sending brainCloud requests).
If the user leaves the app though, call Reconnect() [https://getbraincloud.com/apidocs/apiref/#wrapper-reconnect] when they come back (and wait for the response before continuing brainCloud requests).
That will cause brainCloud to use the anonymousId + profileId stored by the wrapper to establish a new session. (You don't have to prompt the user to log in again - no matter what type of authentication they are using)
You have basically 3 options to ensure user session alive when user left the app:
1 - Optimistic - Assume the session is always good, but be prepared to deal with an expired session and call Reconnect() when that happens. <- To a degree, you have to do this anyway
2 - Pessimistic - Assume anytime that the user "returns" to the app that the session probably expired, and call Reconnect() <- safest and simplest code-wise, though may use a few additional API calls.
3 - Hybrid - record when the user *leaves* the app, and if they come back say less than 10 minutes later, skip the Reconnect() and assume everything is good. > 10 minutes, do the Reconnect() because the session probably expired. (Note - it's hard to be more deterministic than this - cause the heartbeats happen in the background - and you don't know how long it's been since the last heartbeat was sent).
To be fair, it's simplest to do #2.