diff --git a/app/models/user.rb b/app/models/user.rb
index aedfe36ae..949181b29 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -16,7 +16,8 @@ class User < ActiveRecord::Base
          :validatable,
          :invitable,
          :registerable,
-         :confirmable
+         :confirmable,
+         :timeoutable
 
   scope :active, -> { where('current_sign_in_at >= ?', inactivate_date) }
   scope :inactive, (lambda do
diff --git a/app/views/layouts/application.html.slim b/app/views/layouts/application.html.slim
index afc84c2de..d01b4eb9c 100644
--- a/app/views/layouts/application.html.slim
+++ b/app/views/layouts/application.html.slim
@@ -26,6 +26,7 @@
             .govuk-error-summary__body
               ul.govuk-list.govuk-error-summary__list
                 - flash.each do |key, value|
+                  - next unless value.is_a? String
                   li class="#{key}" data-alert='' #{value.html_safe}
 
 
diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb
index 643cbe2c5..8efff6dba 100644
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@@ -189,7 +189,7 @@
   # ==> Configuration for :timeoutable
   # The time you want to timeout the user session without activity. After this
   # time the user will be asked for credentials again. Default is 30 minutes.
-  # config.timeout_in = 30.minutes
+  config.timeout_in = 1.hour
 
   # If true, expires auth token on session timeout.
   # config.expire_auth_token_on_timeout = false