diff --git a/common/models/user.js b/common/models/user.js
index c1911ee8..b2b5ef88 100644
--- a/common/models/user.js
+++ b/common/models/user.js
@@ -485,7 +485,7 @@ module.exports = function(User) {
         fn(err);
       } else {
         if (user && user.verificationToken === token) {
-          user.verificationToken = undefined;
+          user.verificationToken = null;
           user.emailVerified = true;
           user.save(function(err) {
             if (err) {
diff --git a/test/user.test.js b/test/user.test.js
index c1f9bbe0..79a45aff 100644
--- a/test/user.test.js
+++ b/test/user.test.js
@@ -1418,6 +1418,21 @@ describe('User', function() {
         }, done);
       });
 
+      it('sets verificationToken to null after confirmation', function(done) {
+        testConfirm(function(result, done) {
+          User.confirm(result.uid, result.token, false, function(err) {
+            if (err) return done(err);
+
+            // Verify by loading user data stored in the datasource
+            User.findById(result.uid, function(err, user) {
+              if (err) return done(err);
+              expect(user).to.have.property('verificationToken', null);
+              done();
+            });
+          });
+        }, done);
+      });
+
       it('Should report 302 when redirect url is set', function(done) {
         testConfirm(function(result, done) {
           request(app)