diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 228e0fb1e..98fcffdcd 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -10,6 +10,10 @@ class ApplicationController < ActionController::Base
 around_action :set_time_zone, if: :current_user
 layout 'main'

+ rescue_from ActionController::InvalidAuthenticityToken do
+ redirect_to root_path
+ end
+
 def respond_422(message = t('client_api.permission_error'))
 respond_to do |format|
 format.json do
diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/users/sessions_controller.rb
index 6f0f86d60..3c2b0af94 100644
--- a/app/controllers/users/sessions_controller.rb
+++ b/app/controllers/users/sessions_controller.rb
@@ -1,6 +1,11 @@
 class Users::SessionsController < Devise::SessionsController
 # before_filter :configure_sign_in_params, only: [:create]
 after_action :after_sign_in, only: :create
+
+ rescue_from ActionController::InvalidAuthenticityToken do
+ redirect_to new_user_session_path
+ end
+
 # GET /resource/sign_in
 def new
 # If user was redirected here from OAuth's authorize/new page (Doorkeeper
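Review bot: The new `rescue_from` handler in `ApplicationController` answers every CSRF failure with a silent 302 to `root_path`, whatever the request format and without a log line. Rejected requests therefore leave no trace for monitoring, and a JSON/XHR caller (the adjacent `respond_422` suggests this controller serves them) receives an HTML redirect instead of an error status. I would log the rejection (method, path without the query string, remote IP) and branch on the format, as sketched below; the JSON branch could perhaps reuse `respond_422`, whose body is outside the hunk. The same missing log line applies to the handler added in `Users::SessionsController`. Whether the exception is raised at all depends on `protect_from_forgery with: :exception`, which is not visible here, and the class body continues outside the hunk.

```ruby
rescue_from ActionController::InvalidAuthenticityToken do
  # Record the rejection so repeated CSRF failures are visible to monitoring.
  logger.warn("CSRF verification failed: #{request.method} #{request.path} from #{request.remote_ip}")
  respond_to do |format|
    format.html { redirect_to root_path }
    format.json { head :unprocessable_entity }
  end
end
```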
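Review bot: The redirect back to the sign-in form in `Users::SessionsController` gives the user no indication of why the submitted credentials were dropped. Most occurrences will presumably be a stale form after session expiry, and a silent reload then looks like a failed login. Setting a flash alert before the redirect, e.g. `flash[:alert] = t('devise.failure.timeout')` (Devise's stock expired-session message, if the app's locale files keep that key), would explain it. A short comment above the handler, such as `# Stale or forged CSRF token on sign-in: send the user back to a fresh form`, would also document why this controller declares its own handler alongside the one in `ApplicationController`. The class body continues outside the hunk.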