I''m writing a page that allows users to change their passwords. Looking here, http://wiki.rubyonrails.com/rails/show/LoginGenerator somebody''s recommendation is to do some of the validation in the controller::change_password method and then call a method on the user model to store the new password. This strikes me as a slight break in the MVC pattern. Shouldn''t the user model contain all the validation code? So, if I were to try to put the validation in the user model, how can I handle form fields with extra attributes that don''t get stored in the model, such as "old_password" and "password_confirmation"? The other problem I''m having is that I''m trying to use <%= error_messages_for ''user'' %> To display validation errors when trying to change the user''s password. The problem is, once validation fails, the user.errors member seems to keep the errors even when I leave the page and come back to it, so that the same errors keep getting displayed even when they are no longer applicable. What is the proper way to clear out these errors after displaying them? How come this doesn''t seem to happen on pages that just have a simple one-to-one mapping between model attributes and form fields? Thanks, Carl Youngblood