Last Updated: February 25, 2016
· billeisenhauer

How to maintain a user session after a password change using Devise

Assume that the passwords controller is set for a singleton route. Also, assume that the authenticated model is an Account. With that, you have the following:

def update
  if current_account.update_with_password(params[:account])
    sign_in(current_account, :bypass => true)
    flash[:notice] = 'Password updated.'
    redirect_to account_path
    render :action => :show

The key ingredient is the sign_in method call which seeks to re-sign-in the account, but bypasses the warden callbacks and stores the account into the session.