With the Confirmable module enabled, Devise will not allow an unconfirmed user to sign in after a predefined period of time has elapsed. Instead the user is redirected back to the sign in page with the flash message "You have to confirm your account before continuing".

This is an undesirable interaction model, as a flash notice does not provide adequate space to properly explain to the user why access has been denied, what "confirm your account" means, provide a link to resend the confirmation, and instructions on how to check your spam folder and so on.

Is there a way I can change this behaviour to redirect to a specific URL instead?

Sorry at first I thought you meant after Sign Up not Sign In. So the down below works for how to direct users after Sign Up and what you need to do for Sign In is to create a custom Devise::FailureApp

See the wiki page: https://github.com/plataformatec/devise/wiki/How-To:-Redirect-to-a-specific-page-when-the-user-can-not-be-authenticated

Then within your custom FailureApp overwrite redirect_url method from https://github.com/plataformatec/devise/blob/master/lib/devise/failure_app.rb:

  def redirect_url
    if warden_message == :unconfirmed
      custom_redirect_path
    else
      super
    end
  end

For custom redirect after Sign Up:

There is a controller method after_inactive_sign_up_path_for within the RegistrationsController that you can overwrite to accomplish this.

First in your Routes you will need to specify to use your custom controller:

config/routes.rb:

  devise_for :users, :controllers => { :registrations => "users/registrations" }

Second you create your custom controller that inherits from the normal controller in order to overwrite the method:

app/controllers/users/registrations_controller.rb

class Users::RegistrationsController < Devise::RegistrationsController

  protected

  def after_inactive_sign_up_path_for(resource)
    signed_up_path
  end

end

In this case for my App my Devise model is User so you may want to change that namespace if your model is named differently. I wanted my users to be redirected to the signed_up_path, but you can change that to your desired path.

I just did this, but took a different approach.

in app/controllers/sessions_controller.rb:

class SessionsController < Devise::SessionsController

  before_filter :check_user_confirmation, only: :create

  #
  # other code here not relevant to the example
  #

private

  def check_user_confirmation
    user = User.find_by_email(params[:email])
    redirect_to new_confirmation_path(:user) unless user && user.confirmed?
  end
end

This worked for me and seemed minimally invasive. In my app new sessions always have to go through sessions#create and users always sign in with their email address, so this may be a simpler case than yours.

You can of course redirect_to any location you desire in the check_user_confirmation method. new_confirmation_path was the logical choice for me because it provides users with the resources to get confirmed.

This is my solution you need to add :unconfirmed message on devise locales below the sessions.

in app/controllers/sessions_controller.rb

  def check_user_confirmation
    user = User.where(email: params[:user][:email]).take

    unless user && user.confirmed?
      set_flash_message! :alert, :unconfirmed
      expire_data_after_sign_in!
      respond_with user, location: after_inactive_sign_up_path_for(user)
    end
  end

  protected

  def after_inactive_sign_up_path_for(resource)
    new_user_session_path
  end