Do active_record_store sessions expire by default?

Session expiration equals session _cookie_ expiration.

By default the cookie has no expiration date, which means it expires when the user closes the browser. You can set a fixed expiration window with

   ActionController::Base.session_options[:session_expires] = something

and dynamic expiration with this plugin

The very database cleanup has to be done by hand. Just put a cron task that deletes old records in the sessions table.

-- fxn