Bug #10577
Status: closed
ERF42-4995 - Invalid authenticity token (Session timed out at login screen)
Description
Steps to reproduce...
- Open the Foreman Login screen
- Wait a long time (overnight?) for the session to time out [1]
- Try to login
- ERROR
[1] - NOTE: I produced this during a chrome upgrade (per script below) last night, then tried to login this morning.
...
Expected Result: Session timed out, back to the login screen again (similar to when the session times out in other parts of the app)
Actual Result: ERF42-4995 [Foreman::Exception]: Invalid authenticity token (500 error)
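The check ordering behind this report, as an added framework-free model that is not Foreman's or Rails' own code: the browser holds a pre-login session whose id is bound to the CSRF token embedded in the login form, so once that session expires the submitted token can no longer be validated. Whether the user then sees a friendly "session expired, log in again" redirect or an "Invalid authenticity token" error depends only on whether the session-expiry check runs before the token check. The store, the 1-hour TTL, the symbolic outcomes and the function names are assumptions for the illustration; in a Rails app the equivalent fix is a `rescue_from ActionController::InvalidAuthenticityToken` handler that redirects to the login page instead of raising.

```ruby
require 'securerandom'

# Assumed session lifetime for the example (seconds).
SESSION_TTL = 60 * 60

# Minimal in-memory session store: a session exists before login so that
# the login form's anti-CSRF token has somewhere to live.
class SessionStore
  def initialize
    @sessions = {}
  end

  # Create a pre-login session and bind a fresh CSRF token to it.
  def create(now)
    id = SecureRandom.hex(16)
    @sessions[id] = { csrf_token: SecureRandom.hex(32), expires_at: now + SESSION_TTL }
    id
  end

  # Return the session, or nil if unknown or expired (expired ones are dropped).
  def fetch(id, now)
    session = @sessions[id]
    return nil if session.nil?
    if now >= session[:expires_at]
      @sessions.delete(id)
      return nil
    end
    session
  end

  # Token the login form would have been rendered with.
  def token_for(id, now)
    session = fetch(id, now)
    session && session[:csrf_token]
  end
end

# Constant-time comparison so the token check does not leak via timing.
def tokens_match?(expected, submitted)
  return false if expected.nil? || submitted.nil?
  return false unless expected.bytesize == submitted.bytesize
  diff = 0
  expected.bytes.zip(submitted.bytes) { |a, b| diff |= a ^ b }
  diff.zero?
end

# Desired behaviour: decide on the session first, then on the token. An
# expired pre-login session becomes a redirect back to the login screen,
# the same outcome the rest of the app already gives.
def handle_login_post(store, session_id, submitted_token, now)
  session = store.fetch(session_id, now)
  return :redirect_to_login_session_expired if session.nil?
  return :reject_invalid_token unless tokens_match?(session[:csrf_token], submitted_token)
  :proceed_to_credential_check
end

# Behaviour described in the report: the token is checked before anyone asks
# whether the session is still alive, so an expired session has no token to
# compare against and the request fails as an "invalid authenticity token".
def handle_login_post_token_first(store, session_id, submitted_token, now)
  session = store.fetch(session_id, now)
  expected = session && session[:csrf_token]
  return :error_invalid_token unless tokens_match?(expected, submitted_token)
  :proceed_to_credential_check
end

if __FILE__ == $PROGRAM_NAME
  store = SessionStore.new
  t0 = 1_000_000
  sid = store.create(t0)
  tok = store.token_for(sid, t0)
  overnight = t0 + SESSION_TTL + 1
  puts "session-first after timeout: #{handle_login_post(store, sid, tok, overnight)}"
  sid = store.create(t0)
  tok = store.token_for(sid, t0)
  puts "token-first after timeout:   #{handle_login_post_token_first(store, sid, tok, overnight)}"
end
```

The fix is purely a matter of ordering: nothing about the CSRF protection itself is weakened, the token is still required on every login POST, but an expired session is recognised as such before the token comparison can turn it into a server error.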
IRC:
[08:23] <TommyTheKid> Bug or feature? - I "updated chrome" last night, and my foreman screen was sitting at the login. I entered my details, and clicked Login, and got an error that looked a lot like a "500" error Invalid Authenticity Token
[08:23] <Dominic> likely a feature, your session probably timed out
[08:23] <TommyTheKid> There shouldn't be any token "before" I login?
[08:24] <Dominic> there is, every form, including the login form has a token and you even have a session before logging in, which the token's stored in, so it was probably just that
[08:24] <Dominic> (to stop cross site posting attacks)
[08:24] <TommyTheKid> should it be handled cleaner than a 500 error?
[08:25] <Dominic> yeah, I'd accept that :)
[08:25] <Dominic> "go back and refresh, try again"
[08:26] <TommyTheKid> it seems like it only happens at the login screen, otherwise everything else dumps me back to the login screen
[08:27] <TommyTheKid> very niche case, but just a UX thing that I thought I would ask about
[08:28] <Dominic> TommyTheKid: hm yeah, I suppose if your session expired on another page then you may hit the session check before the token authenticity check, hence the redirect. good spot
...
[08:31] <Dominic> TommyTheKid: #6999 originally introduced it, btw