class ApplicationController < ActionController::Base
rescue_from Authorized::NotAllowed do
respond_to do |f|
f.turbo_stream { render turbo_stream: turbo_stream.update('flash', partial: 'shared/session_expired'), status: :unauthorized }
f.html { redirect_to new_session_path, alert: 'Please sign in again.' }
end
end
end
When a session expires, Turbo requests can start returning 401/302 and the UI gets confusing. Handle unauthorized turbo requests explicitly: return a stream that updates a “session expired” banner or triggers a redirect.
