diff --git a/api/policies/isAuthenticated.js b/api/policies/isAuthenticated.js
index cf84896..11e85b9 100644
--- a/api/policies/isAuthenticated.js
+++ b/api/policies/isAuthenticated.js
@@ -1,9 +1,13 @@
 
 module.exports = function(req, res, next) {
-   if (req.isAuthenticated()) {
+    if (req.isAuthenticated()) {
         return next();
     }
-    else{
-        return res.redirect('/');
-    }
+    
+    //Chrome bug POST same page twice, so I prefer to override the message
+    //req.flash('error', 'You are not permitted to perform this action');
+    if(!req.session.flash) req.session.flash = {}; 
+    req.session.flash.error = ['You are not permitted to perform this action'];
+    
+    return res.redirect(307, '/');
 };
\ No newline at end of file
diff --git a/views/layout.ejs b/views/layout.ejs
index 4c830f0..788ca3a 100644
--- a/views/layout.ejs
+++ b/views/layout.ejs
@@ -6,7 +6,7 @@
     <!-- Viewport mobile tag for sensible mobile support -->
     <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
 
-
+    
     <!--
         Stylesheets and Preprocessors
         ==============================
@@ -34,6 +34,8 @@
   </head>
 
   <body>
+    
+    <%- partial('partial/flash') %>
     <%- body %>
 
 
diff --git a/views/partial/flash.ejs b/views/partial/flash.ejs
new file mode 100644
index 0000000..9a2ff9a
--- /dev/null
+++ b/views/partial/flash.ejs
@@ -0,0 +1,33 @@
+
+<% if (req.session.flash) {  %>
+    <% if (req.session.flash.success) { %>
+        <% for(var i=0; i<req.session.flash.success.length; i++) {%>
+            <div data-alert class="alert-box success radius">
+                <%= req.session.flash.success[i] %>
+                <a href="#" class="close">&times;</a>
+            </div>
+        <% } %>
+        <% req.session.flash.success = undefined %>
+    <% } %>
+    
+    <% if (req.session.flash.warning) { %>
+        <% for(var i=0; i<req.session.flash.warning.length; i++) {%>
+           <div data-alert class="alert-box warning radius">
+                <%= req.session.flash.warning[i] %>
+                <a href="#" class="close">&times;</a>
+            </div>
+        <% } %>
+        <% req.session.flash.warning = undefined %>
+    <% } %>
+    
+    <% if (req.session.flash.error) { %>
+        <% for(var i=0; i<req.session.flash.error.length; i++) {%>
+           <div data-alert class="alert-box alert radius">
+                <%= req.session.flash.error[i] %>
+                <a href="#" class="close">&times;</a>
+            </div>
+        <% } %>
+        <% req.session.flash.error = undefined %>
+    <% } %>
+<% } %>
+