Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Clearing confirmation token #2544

markturner opened this Issue Aug 2, 2013 · 8 comments


None yet
3 participants

Why does confirm! clear the confirmation token?

This means that if a user clicks the confirmation link in their email for a second time, they are shown the rather unintuitive "Confirmation token invalid" error, instead of the more helpful "Email was already confirmed, please try signing in" error which is shown when I put the confirmation token back.

So wouldn't it make more sense to keep the confirmation token in the database record?

@markturner markturner closed this Aug 2, 2013

@markturner markturner reopened this Aug 2, 2013


josevalim commented Aug 2, 2013

Maybe we could improve the "Confirmation token invalid" message to say: it is invalid or the e-mail was already confirmed? The confirmation token provides full access to a given user in the application, we don't want to leave them in the table longer than they are supposed to be.

I see your point, but the confirmation token can't be used to access that user if they are already confirmed can it?


josevalim commented Aug 2, 2013

You are right. Yes, I think this issue could be addressed them. @plataformatec/devise what do you think?

Thanks. Would be ideal if it could redirect to sign-in rather than the 'resend confirmation email' prompt in this case.


rafaelfranca commented Aug 2, 2013

I don't see any problem in changing this behavior. 👍

Have opened a pull request with my solution for this, feel free to use it or not 😃


josevalim commented Aug 8, 2013

Closing this in favor of the pull request, thanks @markturner!

@josevalim josevalim closed this Aug 8, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment