FIX: Clear the session after a reset token was used

Robin Ward
2016-09-30 12:20:02 -04:00
parent 4d8d5613e4
commit f62d01ff1b
2 changed files with 2 additions and 0 deletions
@@ -409,6 +409,7 @@ class UsersController < ApplicationController
@user.auth_token = nil
if @user.save
Invite.invalidate_for_email(@user.email) # invite link can't be used to log in anymore
session["password-#{params[:token]}"] = nil
logon_after_password_reset
end
end
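Review bot: The `session["password-#{params[:token]}"] = nil` line assigns nil instead of removing the entry, so the key derived from the reset token stays in the session with an empty value; `session.delete("password-#{params[:token]}")` would drop it entirely. The line also has no comment, unlike the `Invite.invalidate_for_email` call just above it, so a short note saying why the entry must not outlive the token would help the next reader. Finally, the clear sits inside `if @user.save`, so a failed save leaves the entry in place; if that is intended so the user can retry with the same token, say so in the comment, and please make sure the accompanying spec covers both the success and the failed-save path.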