Hi Andrew,

So I end up with something like this?

get '/reset/:token' => sub {

    return template 'passreset' => {
   
    my $input_hash {
       
    token => params->{token}
 
    }

    } # end of return

    # compare against stored tokens
    my ($matched_user_id) = User->lookup_tokens($input_hash->{token});

    if ($user_id < 1) { # does not match

         halt("Unauthorized");
   
    }
                   
     # token matches that of user no 349.
 
    session mathced_user_id => $matched_user_id;
                   
};


For the sake of Dancer2 posterity I should mention that I believe that my problem was caused by the fact that I was trying to capture the variable after the return. As Andy Beverly was kind enough to explain to me, once you return you return and the rest of the block of code is not executed. Capturing the variable -- in ways that all of your rightly suggested -- before the return solved my problem. I think I should also mention that D2 Auth::Extensible now takes care of all of this password reset business.  So anyone wanting to deal with the pain that is a "password reset system" should look into it.