I'm not very experienced with the parts of Rails that are not on the surface.
All I want is to have a session cookie that has the expiration set to session
so it expires when the user leaves their browser or whatever. As a security measurement.
By default the cookie is a session cookie.
You have complete control over the cookie by providing an options hash in config/initializers/session_store.rb
. The options are the same as to Rack::Session::Cookie
(see docs). So for example, for a specific expiration date you can provide :expire_after
.
If you're using Devise, and rememberable
strategy, then there's another cookie which can be used in order to retrieve the user.