Devise Timeout Working, but Not Redirecting

Question

I have setup up the :timeoutable and set the preferences for my development environment and production. The timeout is working perfectly except that it isn't redirecting to the signin page. For testing I've set the timeout to 10 seconds.

If I log in, wait 10 seconds, nothing happens. If I reload the page, it will load the same page but I won't be logged in.

Answer 1

In the past, a Devise timeout would always redirect back to the sign in page. But people found this confusing. The idea was that if a user was on a page that didn't require a sign in, when the timeout occurred the user should be allowed to remain there. This customization was the recommended way to get this behavior.

The default timeout behavior was documented as a bug in Issue #1596 and this commit made a change so that timeouts would try to stay on the current page.

When a timeout occurs, the timeoutable code throws a timeout message and the FailureApp class uses the redirect_url method to decide where to redirect to. If you would always like to redirect to the sign in page, you can override the redirect_url method:

In config/initializers/devise.rb set up these lines within the Devise.setup do |config| ... end block:

require "custom_failure_app"

config.warden do |manager|
  manager.failure_app = CustomFailureApp
end

Create a new file at lib/custom_failure_app.rb with the following code:

class CustomFailureApp < Devise::FailureApp
  def redirect_url
    scope_url  # Always redirect to signin page
  end
end

Note that scope_path was changed to scope_url in this commit. So depending upon how recently you've updated your devise gem you may need to change this.