For those, who also feel that the ruby cgi session expiration mechanism
does not work as expected:
The session is always created from afresh, that is, if you specify a
session expiration date of a week ahead, the next time you kill the
browser your session expires, as opposed to expiring in a week from now.
the following patch corrects this behaviour.
I have applied this patch on fedora 20 to ruby-22.214.171.1243-16.fc20.x86_64
and on Centos 7 to ruby-126.96.36.1993-20.el7.x86_64 and both work.
I applied the patch like this:
patch /usr/share/ruby/cgi/session.rb ruby.2.0.session.patch
where ruby.2.0.session.patch is the file containing the above patch.