I uploaded a patch here:
https://openacs.org/sdm/one-patch.tcl?patch_id=320.
Note: It does add overhead to the RP ... whenever the session cookie of a logged in user is renewed, there's a DB hit. Given that we only do this for logged in users, it's probably not a real issue.
Hasn't been tested on Oracle.
Please try it out and let me know if this works for you.
/Lars