Updating password keeps you signed in and redirects to show

app/controllers/users_controller.rb

@@ -1,9 +1,11 @@
 class UsersController < ApplicationController
+  include Devise::Controllers::SignInOut
   before_action :authenticate_user!
 
   def update
     if current_user.update(user_params)
-      redirect_to(user_path)
+      bypass_sign_in current_user
+      redirect_to user_path(current_user)
     end
   end
 
@@ -12,7 +14,8 @@ class UsersController < ApplicationController
   end
 
   def create
-    User.create!(user_params)
+    @user = User.create!(user_params)
+    redirect_to @user
   end
 
   def edit_password

app/views/users/edit_password.html.erb

@@ -5,7 +5,7 @@
   ) %>
 <% end %>
 
-<%= form_for(current_user, as: :user, url: password_path(:user), html: { method: :patch }) do |f| %>
+<%= form_for(current_user, as: :user, html: { method: :patch }) do |f| %>
   <div class="govuk-grid-row">
     <div class="govuk-grid-column-two-thirds">
       <h1 class="govuk-heading-l">Change your password</h1>