While intended to be unique (the docs also say it is), the perishable_token is not unique. This can (and does) cause difficult-to-find bugs where user A tries to reset their password and ends up resetting user B's password if their perishable token is the same.
perishable_token should be either a GUID value, or some combination of time + random to ensure uniqueness.
I've recently had two instances reported to me where a user comes to my site and is authenticated as a different user. I can't reproduce it but I know for certain that it happened based on the user reports. Is this caused by this problem with perishable token not being unique?
I hate devise but I'm going to have to abandon authlogic if there isn't some resolution on this soon.
If you enforce uniqueness in your database, this problem shouldn't happen, right? (And if you choose not to, you'll always be open to a check-and-set race condition.)
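The database-level uniqueness and check-and-set race raised in the comment above, as an added Ruby example that is not part of this thread and is not authlogic code. `UserTable`, `assign_token` and `racy_reset` are hypothetical names, and the in-memory table is a constructed stand-in for a users table with or without a unique index on `perishable_token`.

```ruby
require "securerandom"
# Constructed in-memory stand-in for a users table (not authlogic code).
class DuplicateToken < StandardError; end
class UserTable
  def initialize(unique_index:)
    @unique_index, @tokens, @lock = unique_index, {}, Mutex.new # @tokens: user_id => token
  end

  # Application-level check, like a uniqueness validation: racy on its own.
  def token_taken?(token)
    @lock.synchronize { @tokens.value?(token) }
  end

  # With unique_index the duplicate check and the write are one atomic step.
  def write_token(user_id, token)
    @lock.synchronize do
      clash = @unique_index && @tokens.any? { |id, t| t == token && id != user_id }
      raise DuplicateToken, token if clash
      @tokens[user_id] = token
    end
  end

  def users_for(token)
    @lock.synchronize { @tokens.select { |_, t| t == token }.keys }
  end
end

# Hypothetical helper: draw a random token and retry when the index rejects it.
def assign_token(table, user_id, generator: -> { SecureRandom.urlsafe_base64(15) }, attempts: 5)
  attempts.times do
    token = generator.call
    begin
      table.write_token(user_id, token)
      return token
    rescue DuplicateToken
      next
    end
  end
  raise DuplicateToken, "no unique token after #{attempts} attempts"
end

# Check-and-set race replayed in a fixed order: both checks run before either write.
def racy_reset(table, token)
  free_a = !table.token_taken?(token)
  free_b = !table.token_taken?(token)
  table.write_token(:user_a, token) if free_a
  table.write_token(:user_b, token) if free_b
  table.users_for(token)
end
```

Without the index, `racy_reset` leaves two users resolving from one token; with it, the second write raises and `assign_token` recovers by drawing a new token.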