diff --git a/flask_security/core.py b/flask_security/core.py
index 228aece..f254e0f 100644
--- a/flask_security/core.py
+++ b/flask_security/core.py
@@ -245,8 +245,9 @@ class Security(object):
 
         identity_loaded.connect_via(app)(_on_identity_loaded)
 
-        app.register_blueprint(_create_blueprint(app),
-                               url_prefix=cv('URL_PREFIX', app=app))
+        bp = _create_blueprint(app)
+        pre = cv('URL_PREFIX', app=app)
+        app.register_blueprint(bp, url_prefix=pre)
 
         app.security = self
 
diff --git a/flask_security/templates/security/passwords/edit.html b/flask_security/templates/security/passwords/edit.html
index b17de1a..723773e 100644
--- a/flask_security/templates/security/passwords/edit.html
+++ b/flask_security/templates/security/passwords/edit.html
@@ -1,6 +1,6 @@
-{% include "../messages.html" %}
+{% include "security/messages.html" %}
 <h1>Change password</h1>
-<form action="{{ url_for('flask_security.reset_password') }}" method="POST" name="reset_password_form">
+<form action="{{ url_for('flask_security.reset_password', token=reset_token) }}" method="POST" name="reset_password_form">
   {{ reset_password_form.hidden_tag() }}
   {{ reset_password_form.password.label }} {{ reset_password_form.password }}<br/>
   {{ reset_password_form.password_confirm.label }} {{ reset_password_form.password_confirm }}<br/>
diff --git a/flask_security/views.py b/flask_security/views.py
index 9b1ace8..a456727 100644
--- a/flask_security/views.py
+++ b/flask_security/views.py
@@ -278,5 +278,6 @@ def reset_password(token):
             do_flash('You did not reset your password within '
                      '%s.' % _security.reset_password_within)
 
-    return redirect(request.referrer or
-                    _security.reset_password_error_view)
+    return render_template('security/passwords/edit.html',
+                           reset_password_form=form,
+                           password_reset_token=token)