I am using devise for authentication. When forgot password is called it asks for mail address and it sends a link to the mail, but when I click on the link in the mail I get:

You need to sign in or sign up before continuing.

How can I change this so that when clicking on the link it asks for a new password?

UPDATE:

I have changed my routes as follows:

devise_for :users do
  resources :users, :only => [:index, :new, :create, :edit, :update, :destroy] 
end

Add this line:

skip_before_filter :authenticate_user, :only => ['password_change_action']

to the controller of the password_change action.

It seems you changed controller that manages passwords (Devise::PasswordsController by default) and added before_filter :authenticate_user! in, do you? Then you need to remove the filter.

If not, can you describe customizations you done?

UPDATE: It's because of conflicting routes of your resources and Devise. Here on a devise wiki you can find solution.