Does the session become nil? Does the change take effect only on the next request?

I think I just asked three questions now...

You can try to explore by using the similar settings:

AppName::Application.config.session_store :cookie_store, key: '_session_key', expire_after: 20.seconds

Then open up dev tools in your browser and go to cookies and select localhost cookies to see what happens.

I found out that:

1. Session cookie gets deleted after the expiration time

2. Expiration time for a cookie gets updated automatically (re-set) upon any request (even background ajax request counts)

3. The effect by default will take place upon the next request (refreshing the page for example) and if you use typical authentication (has_secure_password_ for example) user should be logged out

I found the last comment on the ActionController::Base documentation page really helpful on this topic