diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index dc29eee13a6..5def5ddedf2 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -1,6 +1,8 @@
 PROFILER_SESSIONS_FILE = 'used_tags.txt'
 class ApplicationController < ActionController::Base
+ protect_from_forgery with: :exception, prepend: true
+ rescue_from ActionController::InvalidAuthenticityToken, with: :display_auth_error
 helper :all # include all helpers, all the time
@@ -19,6 +21,10 @@ def sanitize_ac_params
 end
 end
+ def display_auth_error
+ redirect_to '/auth_error'
+ end
+
 def transform_sanitized_hash_to_ac_params(key, value)
 if value.is_a?(Hash)
 ActionController::Parameters.new(value)
@@ -461,8 +467,4 @@ def valid_sort_direction(param)
 :store_location,
 if: proc { %w(js json).include?(request.format) }
- #### -- AUTHORIZATION -- ####
-
- protect_from_forgery with: :exception, prepend: true
-
 end
diff --git a/app/controllers/errors_controller.rb b/app/controllers/errors_controller.rb
index aec41017a43..6db5f3702f5 100644
--- a/app/controllers/errors_controller.rb
+++ b/app/controllers/errors_controller.rb
@@ -8,5 +8,8 @@ class ErrorsController < ApplicationController
 end
 end
 end
+
+ def auth_error
+ end
 end
diff --git a/app/controllers/user_sessions_controller.rb b/app/controllers/user_sessions_controller.rb
index dc71d7a6692..afb9d868291 100644
--- a/app/controllers/user_sessions_controller.rb
+++ b/app/controllers/user_sessions_controller.rb
@@ -1,18 +1,9 @@
 class UserSessionsController < ApplicationController
- # I hope this isn't catching unwanted exceptions; it's hard to locate
- # where exactly the exception is thrown in case of no cookies. --rebecca
- rescue_from ActionController::InvalidAuthenticityToken, with: :show_auth_error
-
 layout "session"
 before_action :admin_logout_required
 skip_before_action :store_location
-
- def show_auth_error
- redirect_to "/auth_error.html"
- end
-
 def new
 end
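Review bot: Moving `rescue_from ActionController::InvalidAuthenticityToken, with: :display_auth_error` into ApplicationController makes every CSRF failure in the application end in a redirect, whereas before only UserSessionsController did this (the comment removed in the user_sessions_controller.rb hunk already doubted even that narrower catch). The handler swallows the exception without recording it, so a forged or replayed request becomes indistinguishable in the logs from a visitor whose session merely expired, and the rate of CSRF failures, a useful detection signal, is no longer visible. Suggest logging before redirecting, e.g. `logger.warn("InvalidAuthenticityToken: #{request.request_method} #{request.path}")` as the first line of `display_auth_error`, or emitting an instrumentation event there. The class body continues outside the hunk.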
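Review bot: `display_auth_error` answers every format with a 302 to `/auth_error`, including the js/json requests this class elsewhere recognizes (`if: proc { %w(js json).include?(request.format) }` in the last hunk of this file), so an XHR client whose token failed follows the redirect into an HTML page with a 200 status instead of receiving the 422 Rails would otherwise return. Suggest `return head :unprocessable_entity unless request.format.html?` as the first line, keeping `redirect_to '/auth_error'` for browser navigation. If this part of the class is public (visibility is not visible in the hunk), the method also becomes an action on every controller inheriting from ApplicationController; a `rescue_from` target can be private, so it would be safer under `private`. The enclosing class continues outside the hunk.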
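Review bot: `auth_error` is an empty action, so the session-expired page is rendered with status 200 and looks like a successful response to monitoring and caches; if the sibling `404`/`422`/`500` actions above (outside the hunk) set an explicit status, this one should too, e.g. `render status: :unprocessable_entity`. Because the handler in ApplicationController redirects here rather than rendering, an alternative is to render this view straight from that handler with a 422 and skip the round trip. A one-line comment would also help a reader: `# Landing page for CSRF failures; reached by GET, which is not forgery-checked, so no redirect loop.`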
diff --git a/app/views/errors/auth_error.html.erb b/app/views/errors/auth_error.html.erb new file mode 100644 index 00000000000..47956f351b6 --- /dev/null +++ b/app/views/errors/auth_error.html.erb @@ -0,0 +1,2 @@ +

Session Expired

+

Your current session has expired and we can't authenticate your request. Try logging in again, refreshing the page, or clearing your cache if you continue to experience problems.

diff --git a/config/routes.rb b/config/routes.rb
index c3b8912df8b..90b8e6e051a 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -15,6 +15,7 @@
 get '/404', to: 'errors#404'
 get '/422', to: 'errors#422'
 get '/500', to: 'errors#500'
+ get '/auth_error', to: 'errors#auth_error'
 #### DOWNLOADS ####
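Review bot: `get '/auth_error', to: 'errors#auth_error'` supersedes the static `/auth_error.html` that the removed UserSessionsController#show_auth_error redirected to; if a `public/auth_error.html` still exists, the static-file middleware keeps serving it and the two copies of the page will drift, so confirm it is removed or redirected to the new route. The routes block continues outside the hunk.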