I have this in my application controller: rescue_from CanCan::AccessDenied do |exception| redirect_to destroy_user_session_path, :method

Question

Asked: June 4, 20262026-06-04T23:53:24+00:00 2026-06-04T23:53:24+00:00

I have this in my application controller:

rescue_from CanCan::AccessDenied do |exception|
  redirect_to destroy_user_session_path, :method => :delete, :alert => exception.message
end

I want to logout the user once they try to open a resource they can’t access.
But, the ‘delete’ method is not used, I get

No route matches [GET] "/authenticate/users/sign_out"

How to logout the user and show the login form (new_user_session)?

BTW The normal logout link works perfectly.

<%= link_to "Logout: #{current_user.name}", destroy_user_session_path, :method => :delete %>

Ace

You must login to add an answer.

Need An Account,

Editorial Team · Answer 1 · 2026-06-04T23:53:25+00:00

Editorial Team

How about?:

rescue_from CanCan::AccessDenied do |exception|
  sign_out :user if user_signed_in?
  redirect_to new_user_session_path, alert: exception.message
end

But IMHO it’s not an expectable behaviour.

The Archive Base Latest Questions