Tuesday, 18 September 2018

User who clicks on forgot password link ends up logged into application if some other user is logged in on same browser

I am using Devise for authentication and using Devise's default forgot password flow. When a user clicks on the forgot password link http://localhost:3000/users/password/edit?reset_password_token=F1XrgcSTYs5nssRZrLqf then the user logs into the application if some other user is already logged into the application on the same browser. I understand it happens because Devise checks @current_user in the session and @current_user is the one who is logged into the application on that browser.

How can I change the behaviour? The user who clicks should not log in and should be redirected to the reset password page.
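One way to get the behaviour asked for, shown as an added example that is not part of the original post and not Devise's own code: a small Rack middleware that drops an existing signed-in session when a reset link is opened, so the request reaches the reset form as an anonymous visitor. It assumes the Devise scope is `user` (so Warden's session key is `warden.user.user.key`) and the route from the question; `ResetLinkSessionGuard`, `sample_env`, `probe` and the sample sessions are hypothetical names and constructed data.

```ruby
require "uri"

# Rack middleware (added example, not Devise code). Mount it after the session
# middleware so env["rack.session"] is already loaded.
class ResetLinkSessionGuard
  # Assumptions: Devise scope :user and the default route from the question.
  RESET_PATH  = "/users/password/edit"
  WARDEN_KEY  = "warden.user.user.key" # where Warden keeps the signed-in user
  TOKEN_PARAM = "reset_password_token"

  def initialize(app)
    @app = app
  end

  def call(env)
    session = env["rack.session"]
    # Drop everything tied to the previous user, not only the Warden entry.
    session.clear if session && reset_link?(env) && session[WARDEN_KEY]
    @app.call(env)
  end

  # True only for a GET of the reset form that carries a non-empty token.
  def reset_link?(env)
    return false unless env["REQUEST_METHOD"] == "GET"
    return false unless env["PATH_INFO"] == RESET_PATH
    params = URI.decode_www_form(env["QUERY_STRING"].to_s).to_h
    !params[TOKEN_PARAM].to_s.empty?
  rescue ArgumentError
    false # malformed query string: leave the session alone
  end
end

# Constructed request environment for demonstration.
def sample_env(path, query, session)
  { "REQUEST_METHOD" => "GET", "PATH_INFO" => path,
    "QUERY_STRING" => query, "rack.session" => session }
end

# Stand-in for the Rails app: reports whether Devise would still see a user.
SIGNED_IN_PROBE = lambda do |env|
  signed_in = env["rack.session"].key?(ResetLinkSessionGuard::WARDEN_KEY)
  [200, { "content-type" => "text/plain" }, [signed_in ? "signed-in" : "anonymous"]]
end

def probe(path, query, session)
  ResetLinkSessionGuard.new(SIGNED_IN_PROBE).call(sample_env(path, query, session)).last.first
end
```

The middleware does not check that the token is valid, so any GET of this path with a token signs the current user out; Devise still validates the token when the new password is submitted. In a Rails app it would be registered with `config.middleware.use ResetLinkSessionGuard`.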
