SessionTimeout is a Rails plugin by Luke Redpath that makes enforcing short session times easy, like so:

class ApplicationController
	session_times_out_in 600, :after_timeout => :do_something

	def do_something
	  logger.info "HELLO, IVE TIMED OUT!"
	end
end

Luke explains:

With Rails built-in session options, you can set a specific session expiry time however in production mode this expiry time is set just the once. This is fine if you are setting your expiry time far in the future (and therefore you are likely to restart your server processes by that time) but if you want to set your timeout in the near future, your session expiry will soon be a date/time in the past - this will cause a new session to be created for every new request resulting in disaster.