~netlandish/gobwebs: Adding session token renewal when logging in

f82c156385b9d756ddbd01ce454d035befbb8b98 — Peter Sanchez 11 months ago 0c1c4e8

Adding session token renewal when logging in

patch browse .tar.gz

1 files changed, 5 insertions(+), 0 deletions(-)

M accounts/routes.go

M accounts/routes.go => accounts/routes.go +5 -0

@@ 130,6 130,11 @@ func (s *Service) LoginAuthPOST(c echo.Context) error {
 		}
 	}
 
+	// https://github.com/alexedwards/scs#preventing-session-fixation
+	if err := gctx.Server.Session.RenewToken(c.Request().Context()); err != nil {
+		return err
+	}
+
 	auth.UserLogin(c, form.user.GetID())
 	UpdateLastLogin(c.Request().Context(), form.user)