~netlandish/gobwebs commit

d1f9c70d6a79 — Peter Sanchez 4 months ago

Adding session token renewal when logging in

patch browse

1 files changed, 5 insertions(+), 0 deletions(-)

M accounts/routes.go

M accounts/routes.go +5 -0

@@ 130,6 130,11 @@ func (s *Service) LoginAuthPOST(c echo.C
 		}
 	}
 
+	// https://github.com/alexedwards/scs#preventing-session-fixation
+	if err := gctx.Server.Session.RenewToken(c.Request().Context()); err != nil {
+		return err
+	}
+
 	auth.UserLogin(c, form.user.GetID())
 	UpdateLastLogin(c.Request().Context(), form.user)