Rails devise reset_password_token keeps getting marked as "expired"

Question

I'm trying to use devise's reset_password_token to force users to change their password when they log in for the first time, using what I read here: Rails Devise: Set password reset token and redirect user

I get as far as a page loading that says "set your password", but every time I hit submit, there's a notice that says that the reset_password_token has expired and to request a new one. I've tried setting reset_password_token to a variable instead of accessing via the user object (@user.reset_password_token), in case expiration is calculated by if that token was accessed, but it still says it's expired when I try to set my initial password. I'm not sure how expiration is calculated, anybody have an idea?

score 16 · Accepted Answer · answered Jul 28 '11 at 16:36

Found the answer!

When a reset_password_token is generated, @user.reset_password_sent_at needs to be set to Time.now, or else when devise runs @user.reset_password_period_valid? to find out if the reset token is still valid, it will get nil and assume the token has expired.

Rails devise reset_password_token keeps getting marked as "expired"

1 Answers1