From deff9b38598088cdaf78ff2ce5a3a0b76620823e Mon Sep 17 00:00:00 2001
From: Ryan Hamamura <58859899+ryanhamamura@users.noreply.github.com>
Date: Fri, 13 Feb 2026 11:35:37 -1000
Subject: [PATCH] fix: renew session token after login/register to persist
 session data
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Without RenewToken(), session data set during the action handler
wasn't surviving the redirect — the old pre-auth token was stale.
---
 main.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/main.go b/main.go
index 097bfb6..d941c15 100644
--- a/main.go
+++ b/main.go
@@ -251,6 +251,7 @@ func main() {
 				return
 			}
 
+			c.Session().RenewToken()
 			c.Session().Set("user_id", user.ID)
 			c.Session().Set("username", user.Username)
 			c.Session().Set("nickname", user.Username)
@@ -319,6 +320,7 @@ func main() {
 				return
 			}
 
+			c.Session().RenewToken()
 			c.Session().Set("user_id", user.ID)
 			c.Session().Set("username", user.Username)
 			c.Session().Set("nickname", user.Username)