From f2f8665c6a3e9239134327aeccf20c9a903cb01d Mon Sep 17 00:00:00 2001
From: Jamil
Date: Tue, 21 Oct 2025 15:21:07 -0700
Subject: [PATCH] fix(portal): renew session on sign in (#10616)

When signing in, it's a good idea to clear any previous session cookie and regenerate it, preventing the chance that any unchecked data in a possible-fixated session cookie is used.
---
 elixir/apps/web/lib/web/auth.ex | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/elixir/apps/web/lib/web/auth.ex b/elixir/apps/web/lib/web/auth.ex
index 404b11bd4..123f447e8 100644
--- a/elixir/apps/web/lib/web/auth.ex
+++ b/elixir/apps/web/lib/web/auth.ex
@@ -49,7 +49,9 @@ defmodule Web.Auth do
 sessions = Enum.take(sessions ++ [session], -1 * @remember_last_sessions)
- Plug.Conn.put_session(conn, :sessions, sessions)
+ conn
+ |> renew_session()
+ |> Plug.Conn.put_session(:sessions, sessions)
 end
 defp delete_account_session(conn, context_type, account_id) do
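Review bot: The `sessions` value stored after `renew_session()` is still built from `sessions ++ [session]`, and if that list is read from the incoming cookie above the hunk (not visible here), entries from a pre-existing, possibly fixated session survive the renewal, which is the data the commit message sets out to discard. If carrying them over is intentional, say so at the call site, e.g. `# :sessions is read before renew_session/1 and deliberately re-stored afterwards`, and otherwise re-validate the older entries before writing them back. The ordering also deserves a word: `renew_session/1` presumably clears the session, so `put_session/3` must stay after it. The commit touches only `auth.ex`; a test that signs in with a pre-populated session and asserts that unrelated keys are gone while `:sessions` is kept would pin this behaviour. The enclosing function starts above the hunk and `renew_session/1` is defined outside it.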