Home/ Questions/Q 8738453
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T10:44:04+00:00

The issue is that devise is checking the reset_password_sent_at when a user clicks on

  • 0

The issue is that devise is checking the reset_password_sent_at when a user clicks on the link to reset their password (from an email) and when trying to reset (in the form) an error occurs:

Reset password token has expired, please request a new one

Meaning, “when a reset_password_token is generated, @user.reset_password_sent_at needs to be set to Time.now, or else when devise runs @user.reset_password_period_valid? to find out if the reset token is still valid, it will get nil and assume the token has expired.”

What I don’t understand is how and where to assign reset_password_sent_at to Time.now

Do I need to assign Time.now through the console to all Users? If so, How would I do that?

Or, is it a before_create (or something else) that I need to assign Time.now to reset_password_sent_at? If so, how and where should I do this?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You don’t need to worry about reset_password_sent_at; that is something devise will take care of setting correctly when a reset_password is sent to the user.

    reset_password_sent_at works in conjunction with the reset_password_within parameter, set in the config/initializers/devise.rb file. It should look something like this:

    config.reset_password_within = 2.hours

    Most likely it is set to nil or 0, and that is making the application throw the password reset token has expired method.

    • 0