Add session token renewal for email magic link login
1 files changed, 6 insertions(+), 0 deletions(-) M accounts/routes.go
M accounts/routes.go +6 -0
@@ 252,6 252,12 @@ func (s *Service) LoginEmailConf(c echo. return err } + // https://github.com/alexedwards/scs#preventing-session-fixation + gctx := c.(*server.Context) + if err := gctx.Server.Session.RenewToken(c.Request().Context()); err != nil { + return err + } + auth.UserLogin(c, user.GetID()) UpdateLastLogin(c.Request().Context(), user)