Devise logging out automatically after password change

The example above did not work for me using multiple scopes in Devise.

I had to add the scope/resource name in the sign_in path for it to work, and to prevent chaos I also had to sign out the old user or else all kinds of confusion would abound.

The changes I had to make would look something like this using the above example.

def update
   if current_account.update_with_password(params[:account])
     sign_out(current_account)
     sign_in(:account, current_account, :bypass => true)
     flash[:notice] = 'Password updated.'
     redirect_to account_path
   else
     render :action => :show
   end
end

Edit to add: I believe I had to forcibly sign out the user because somewhere I overrode Devise's code in order not to have users sign out during certain actions. In hindsight; not a good idea! This approach is much better! Being that it is safer to make your own Controllers versus overriding Devise's code unless it's absolutely unavoidable.

You can simply set sign_in_after_reset_password in your devise.rb

config.sign_in_after_reset_password = true

Edit: As of 2020 this defaults to true

I had the same problem and the following code seems to work for me.

Assume that the passwords controller is set for a singleton route. Also, assume that the authenticated model is an Account. With that, you have the following:

def update
  if current_account.update_with_password(params[:account])
    sign_in(current_account, :bypass => true)
    flash[:notice] = 'Password updated.'
    redirect_to account_path
  else
    render :action => :show
  end
end

The key ingredient is the sign_in method call which seeks to re-sign-in the account, but bypasses the warden callbacks and stores the account into the session.