Scenario is this: User has 2 windows on which s/he is logged in. S/he logs out of one, stays logged in on the other, and then on the latter, triggers some action, say a form submission.
Initially, what happened is that it threw an invalid authenticity token error. I've updated the protect_from_forgery in ApplicationController to be with: :null_session so that instead of the Exception it throws a 401.
Great! Now for step 2, rather than the user just seeing a line of text saying "You need to sign in or sign up before continuing.", I'd like to redirect him/her back to the sign in page.
This is where I'm having problems... I've been reading this guide: http://agileleague.com/blog/rails-3-2-custom-error-pages-the-exceptions_app-and-testing-with-capybara/ which says that 401 errors are not caught by Rails by default. The guide has two lines of code that will define it and catch it, and then one line of code in the route that will make the routing work. Basically it looks like this:
# add to app/controllers/application_controller.rb
class UnauthorizedException < Exception; end
# add to app/config/application.rb
config.action_dispatch.rescue_responses.merge!('ApplicationController::UnauthorizedException' => :unauthorized)
# add to routes (in my case this is what I've done for Devise)
devise_scope :user do
  match '/401', to: 'users/sessions#new', type: "401", via: :get
end
Now I'm very green at exception handling, but that looks incomplete to me... and it is not working either. If I navigate to /401 in my local server I do get taken to the sign in page, so great, the routing works. But if I replicate the scenario outlined above that leads to the 401 in the first place, rather than being redirected, I am still just left with a page that has a single line of plain text.
Help?
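
One generic way to turn the 401 described above into a redirect to the sign-in page, as an added example that is not part of the original post or the linked guide: a plain-Ruby, Rack-style middleware. The path `/users/sign_in`, the class name and the stand-in app are assumptions made for illustration.

```ruby
# Added example: Rack-style middleware in plain Ruby (no gems required).
# SIGN_IN_PATH and all names below are hypothetical, not taken from the post.
SIGN_IN_PATH = "/users/sign_in"

class RedirectUnauthorized
  def initialize(app, sign_in_path: SIGN_IN_PATH)
    @app = app
    @sign_in_path = sign_in_path
  end

  def call(env)
    status, headers, body = @app.call(env)
    return [status, headers, body] unless status.to_i == 401 && browser_navigation?(env)

    body.close if body.respond_to?(:close)
    # The target is fixed on the server side; building Location from request
    # data (a "return to" parameter, the Referer) would allow open redirects.
    [302, { "location" => @sign_in_path, "content-type" => "text/plain" },
     ["Redirecting to sign in"]]
  end

  private

  # Redirect only HTML page loads. XHR and API clients keep the 401 so their
  # own error handling still sees an authentication failure.
  def browser_navigation?(env)
    return false if env["HTTP_X_REQUESTED_WITH"] == "XMLHttpRequest"

    env.fetch("HTTP_ACCEPT", "").include?("text/html")
  end
end

# Constructed stand-in for the application: every request is unauthenticated
# and gets the one-line plain-text 401 quoted in the post.
UNAUTHENTICATED_APP = lambda do |_env|
  [401, { "content-type" => "text/plain" },
   ["You need to sign in or sign up before continuing."]]
end

def respond(env)
  RedirectUnauthorized.new(UNAUTHENTICATED_APP).call(env)
end
```
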