Joshua McKinney
2014-Nov-10 21:24 UTC
Expire session cookie at session end (browser close) with Dalli
A recent PCI scan called out our session cookie expires time. We use
Memcache with Dalli to store our session data and implement an idle session
expire, but the scan was not happy with the expire in the cookie. We
essentially need what is described here:
http://blog.carbonfive.com/2011/01/23/browser-session-cookies-and-dalli/
My solution was to patch module ActionDispatch::Session::CacheStore
<https://github.com/rails/rails/blob/master/actionpack/lib/action_dispatch/middleware/session/cache_store.rb#L13>
as follows:
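
    module ActionDispatch
      module Session
        class CacheStore < AbstractStore
          def initialize(app, options = {})
            @cache = options[:cache] || Rails.cache
            # Fall back to the cache TTL only when :expire_after was not passed
            # at all; an explicit :expire_after => nil is left untouched.
            options[:expire_after] ||= @cache.options[:expires_in] unless options.key?(:expire_after)
            super
          end
        end
      end
    end
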
And configured our session_stored.rb initializer with the Rails 3.0 legacy
format:

    require 'action_dispatch/middleware/session/dalli_store'
    Rails.application.config.session_store :dalli_store,
      :namespace => 'sessions',
      :key => '_sessions',
      :expire_after => nil,
      :expires_in => 4.hours,
      :compress => true,
      :pool_size => 10

I believe the patch preserves the current expected functionality while
allowing for my use case. Should I submit a pull request?
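
A way to verify the outcome the post is after, as an added example (not part of the original message and not Rails or Dalli code): it parses Set-Cookie values and reports whether the `_sessions` cookie is dropped at browser close or carries an expiry. The header strings, the session id and all helper names are constructed for illustration.

```ruby
require 'time'

# Constructed sample data (not from the original post): the same response
# before and after the cookie stops carrying an expiry.
SAMPLE_NOW    = Time.utc(2014, 11, 10, 21, 24, 0)
SAMPLE_BEFORE = '_sessions=3f2a; path=/; expires=Tue, 11 Nov 2014 01:24:00 GMT; HttpOnly'
SAMPLE_AFTER  = '_sessions=3f2a; path=/; HttpOnly'

# Split one Set-Cookie value into its name and a lowercase-keyed attribute hash.
def parse_set_cookie(header)
  pair, *attrs = header.split(';').map(&:strip)
  name, value = pair.to_s.split('=', 2)
  attributes = attrs.each_with_object({}) do |attr, acc|
    next if attr.empty?
    key, val = attr.split('=', 2)
    acc[key.downcase] = val.nil? ? true : val
  end
  { name: name, value: value, attributes: attributes }
end

# Lifetime as a browser applies it (RFC 6265: Max-Age takes precedence over
# Expires). :session = dropped at browser close, :persistent = kept until
# its expiry, :deleted = expiry already passed.
def cookie_lifetime(cookie, now = Time.now)
  max_age = cookie[:attributes]['max-age']
  expires = cookie[:attributes]['expires']
  if max_age.is_a?(String) && max_age.match?(/\A-?\d+\z/)
    return max_age.to_i > 0 ? :persistent : :deleted
  end
  return :session unless expires.is_a?(String)
  # Time.parse tolerates minor variations in the date layout.
  expiry = Time.parse(expires) rescue nil
  return :session if expiry.nil? # an unparseable Expires is ignored
  expiry > now ? :persistent : :deleted
end

# Return the Set-Cookie values for `session_key` that would outlive the browser.
def persistent_session_cookies(headers, session_key, now = Time.now)
  headers.select do |header|
    cookie = parse_set_cookie(header)
    cookie[:name] == session_key && cookie_lifetime(cookie, now) == :persistent
  end
end

if __FILE__ == $PROGRAM_NAME
  p persistent_session_cookies([SAMPLE_BEFORE, SAMPLE_AFTER], '_sessions', SAMPLE_NOW)
end
```

An empty result for the session key means the cookie is a browser-session cookie; the idle timeout is then enforced only by the server-side TTL in Memcache.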