# HG changeset patch
# User Peter Sanchez <peter@netlandish.com>
# Date 1702417698 21600
#      Tue Dec 12 15:48:18 2023 -0600
# Node ID da76ee2044ad7f3d5c2998d26b6bb9c0ab1486f7
# Parent  d1f9c70d6a795f3350cbcfdfb4b2f3e4c0619db3
Add session token renewal for email magic link login

diff --git a/accounts/routes.go b/accounts/routes.go
--- a/accounts/routes.go
+++ b/accounts/routes.go
@@ -252,6 +252,12 @@
 		return err
 	}
 
+	// https://github.com/alexedwards/scs#preventing-session-fixation
+	gctx := c.(*server.Context)
+	if err := gctx.Server.Session.RenewToken(c.Request().Context()); err != nil {
+		return err
+	}
+
 	auth.UserLogin(c, user.GetID())
 	UpdateLastLogin(c.Request().Context(), user)