d1f9c70d6a79Peter Sanchez 1 year, 15 days ago 
Adding session token renewal when logging in
patch browse 
1 files changed, 5 insertions(+), 0 deletions(-)

M accounts/routes.go

M accounts/routes.go +5 -0
@@ 130,6 130,11 @@ func (s *Service) LoginAuthPOST(c echo.C
 		}
 	}
 
+	// https://github.com/alexedwards/scs#preventing-session-fixation
+	if err := gctx.Server.Session.RenewToken(c.Request().Context()); err != nil {
+		return err
+	}
+
 	auth.UserLogin(c, form.user.GetID())
 	UpdateLastLogin(c.Request().Context(), form.user)