diff --git a/lib/wsapi/complete_reset.js b/lib/wsapi/complete_reset.js
index 5a00e91dda30d717d13d6a361dc448e3529bd882..b48f6582e94814fa91c730f4e68c760a6c1b4ae2 100644
--- a/lib/wsapi/complete_reset.js
+++ b/lib/wsapi/complete_reset.js
@@ -59,9 +59,9 @@ exports.process = function(req, res) {
       if (err) return wsapi.databaseDown(res, err);
 
       if (!known) {
-        // clear the pendingCreation token from the session if we find no such
+        // clear the pendingReset token from the session if we find no such
         // token in the database
-        delete req.session.pendingCreation;
+        delete req.session.pendingReset;
         return res.json({ success: false} );
       }
 
@@ -70,9 +70,9 @@ exports.process = function(req, res) {
           logger.warn("couldn't complete email verification: " + err);
           wsapi.databaseDown(res, err);
         } else {
-          // clear the pendingCreation token from the session once we
-          // successfully complete user creation
-          delete req.session.pendingCreation;
+          // clear the pendingReset token from the session once we
+          // successfully complete password reset
+          delete req.session.pendingReset;
 
           // At this point, the user is either on the same browser with a token from
           // their email address, OR they've provided their account password.  It's