backport mix phx.gen.auth security improvement

goncalotomas · Jan 4, 2025 · 70e215c · 70e215c
1 parent 0872852
commit 70e215c
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/lib/galaxies_web/live/player_settings_live.ex b/lib/galaxies_web/live/player_settings_live.ex
@@ -68,7 +68,7 @@ defmodule GalaxiesWeb.PlayerSettingsLive do
           <input
             name={@password_form[:email].name}
             type="hidden"
-            id="hidden_players_email"
+            id="hidden_player_email"
             value={@current_email}
           />
           <.input field={@password_form[:password]} type="password" label="New password" required />

diff --git a/lib/galaxies_web/player_auth.ex b/lib/galaxies_web/player_auth.ex
@@ -60,6 +60,8 @@ defmodule GalaxiesWeb.PlayerAuth do
   #     end
   #
   defp renew_session(conn) do
+    delete_csrf_token()
+
     conn
     |> configure_session(renew: true)
     |> clear_session()