The short answer is: it’s up to you. This module only provides a few helpers to help you manage the token, but it is up to you to choose how to use it. For example, if you want to have a new token every time the user saves his account, you can do the following:

    before_save :reset_authentication_token

On the other hand, if you want to generate a token unless one exists, you should use instead:

    before_save :ensure_authentication_token

If you want to delete the token after it is used, you can do so in the after_token_authentication callback.

See the documentation for this model at http://rdoc.info/github/plataformatec/devise/master/Devise/Models/TokenAuthenticatable.
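
The three token lifecycles described above, side by side, as an added example that is not Devise's code or part of the original text. TokenUser is a hypothetical plain-Ruby stand-in: only the three helper names come from the text, while the method bodies, the policy and single_use options, and the comparison helper are assumptions.

```ruby
require "securerandom"

# Hypothetical stand-in for a Devise-backed model (no Rails needed).
# Method names mirror the helpers named above; bodies are assumptions.
class TokenUser
  attr_reader :authentication_token

  # policy: :rotate (new token on every save) or :ensure (create once, keep).
  # single_use: drop the token after one successful authentication.
  def initialize(policy:, single_use: false)
    @policy = policy
    @single_use = single_use
    @authentication_token = nil
  end

  def reset_authentication_token
    @authentication_token = SecureRandom.urlsafe_base64(24)
  end

  def ensure_authentication_token
    reset_authentication_token if @authentication_token.nil?
  end

  # Plays the role of the before_save callback.
  def save
    @policy == :rotate ? reset_authentication_token : ensure_authentication_token
    true
  end

  # Hook run after a successful token login.
  def after_token_authentication
    @authentication_token = nil if @single_use
  end

  # Returns true when the presented token matches the stored one.
  def authenticate_with_token(presented)
    return false if @authentication_token.nil? || presented.nil?
    return false unless secure_compare(@authentication_token, presented)
    after_token_authentication
    true
  end

  private
  # Length check, then XOR over every byte so timing does not depend on
  # where the first mismatch occurs.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

With :rotate, a token captured before the last save stops working; with single_use, a replayed token is rejected until the next save issues a fresh one.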