diff --git a/seahub/auth/forms.py b/seahub/auth/forms.py
index e3c000d346..46ccf0bec1 100644
--- a/seahub/auth/forms.py
+++ b/seahub/auth/forms.py
@@ -7,7 +7,7 @@ from seahub.base.accounts import User
 from seahub.auth import authenticate
 from seahub.auth.tokens import default_token_generator
 from seahub.utils import IS_EMAIL_CONFIGURED, send_html_email, \
-    is_valid_username, is_ldap_user, is_user_password_strong
+    is_valid_username, is_ldap_user, is_user_password_strong, clear_token
 
 from captcha.fields import CaptchaField
 
@@ -156,6 +156,7 @@ class SetPasswordForm(forms.Form):
         self.user.set_password(self.cleaned_data['new_password1'])
         if commit:
             self.user.save()
+        clear_token(self.user.username)
         return self.user
 
 class PasswordChangeForm(SetPasswordForm):
diff --git a/seahub/views/sysadmin.py b/seahub/views/sysadmin.py
index c683b2df6e..71c78aa686 100644
--- a/seahub/views/sysadmin.py
+++ b/seahub/views/sysadmin.py
@@ -829,6 +829,7 @@ def user_reset(request, user_id):
             new_password = INIT_PASSWD
         user.set_password(new_password)
         user.save()
+        clear_token(user.username)
 
         if IS_EMAIL_CONFIGURED:
             if SEND_EMAIL_ON_RESETTING_USER_PASSWD: