cancancan + devise: handling timeoutable exception

Question

In my rails 3 app I'm using devise 3.2.4 and cancancan 1.9.2. My problem is about the timeoutable devise module which works fine but I cannot rescue the right exception so that I can display the correct notice to the user.

my application_controller.rb contains:

rescue_from Exception do |exception|
  unless Rails.env.production?
    raise exception
  else
    redirect_to :back, :flash => { :error => exception.message } 
  end
end

# https://github.com/ryanb/cancan/wiki/exception-handling
rescue_from CanCan::AccessDenied do |exception|
  flash[:error] = exception.message
  respond_to do |wants|
    wants.html { redirect_to main_app.root_url }
    wants.js { render :file => "shared/update_flash_messages" }
  end
end

Whenever the session expires I can rescue a generic CanCan::AccessDenied exception with message You are not authorized to access this page but I'd like to catch a timeoutable Devise (I guess) exception so that I can show the default devise message for that: Your session expired. Please sign in again to continue

Any idea?

Answer 1

When the session times out, the value of flash[:alert] is set to :timeout, which by default is defined in config/locales/devise.en.yml.

So instead of reading the message from exception, try reading from flash[:alert] and make your app react accordingly. For example, this is the code I use in my apps:

rescue_from CanCan::AccessDenied do |exception|
  if user_signed_in?
    # Blank page with an error message
    flash.now.alert = exception.message
    render text: '', layout: true, status: 403
  else
    # Redirect to login screen and display the message
    redirect_to new_user_session_path, :notice => flash[:alert] || "You must login first"
  end
end