Last Updated: February 25, 2016
·
5.501K
· billeisenhauer

How to maintain a user session after a password change using Devise

Assume that the passwords controller is set for a singleton route. Also, assume that the authenticated model is an Account. With that, you have the following:

def update
  if current_account.update_with_password(params[:account])
    sign_in(current_account, :bypass => true)
    flash[:notice] = 'Password updated.'
    redirect_to account_path
  else
    render :action => :show
  end
end

The key ingredient is the sign_in method call which seeks to re-sign-in the account, but bypasses the warden callbacks and stores the account into the session.

http://stackoverflow.com/questions/4264750/devise-logging-out-automatically-after-password-change/