From bec1a67dc5df08fda317290a96e3e48da81fa964 Mon Sep 17 00:00:00 2001
From: Peter Sanchez <peter@netlandish.com>
Date: Tue, 12 Dec 2023 15:48:18 -0600
Subject: [PATCH] Add session token renewal for email magic link login

---
 accounts/routes.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/accounts/routes.go b/accounts/routes.go
index d8e14bb..320fab7 100644
--- a/accounts/routes.go
+++ b/accounts/routes.go
@@ -252,6 +252,12 @@ func (s *Service) LoginEmailConf(c echo.Context) error {
 		return err
 	}
 
+	// https://github.com/alexedwards/scs#preventing-session-fixation
+	gctx := c.(*server.Context)
+	if err := gctx.Server.Session.RenewToken(c.Request().Context()); err != nil {
+		return err
+	}
+
 	auth.UserLogin(c, user.GetID())
 	UpdateLastLogin(c.Request().Context(), user)
 
-- 
2.45.2