fix: renew session token after login/register to persist session data

Without RenewToken(), session data set during the action handler
wasn't surviving the redirect — the old pre-auth token was stale.

main.go

@@ -251,6 +251,7 @@ func main() {
 				return
 			}
 
+			c.Session().RenewToken()
 			c.Session().Set("user_id", user.ID)
 			c.Session().Set("username", user.Username)
 			c.Session().Set("nickname", user.Username)
@@ -319,6 +320,7 @@ func main() {
 				return
 			}
 
+			c.Session().RenewToken()
 			c.Session().Set("user_id", user.ID)
 			c.Session().Set("username", user.Username)
 			c.Session().Set("nickname", user.Username)