~netlandish/gobwebs commit

da76ee2044ad — Peter Sanchez 4 months ago

Add session token renewal for email magic link login

patch browse

1 files changed, 6 insertions(+), 0 deletions(-)

M accounts/routes.go

M accounts/routes.go +6 -0

@@ 252,6 252,12 @@ func (s *Service) LoginEmailConf(c echo.
 		return err
 	}
 
+	// https://github.com/alexedwards/scs#preventing-session-fixation
+	gctx := c.(*server.Context)
+	if err := gctx.Server.Session.RenewToken(c.Request().Context()); err != nil {
+		return err
+	}
+
 	auth.UserLogin(c, user.GetID())
 	UpdateLastLogin(c.Request().Context(), user)