From 70e215c641b5570e2c463564c658277827366dde Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gon=C3=A7alo=20Tom=C3=A1s?= <goncalo@goncalotomas.com>
Date: Sat, 4 Jan 2025 17:27:46 +0000
Subject: [PATCH] backport mix phx.gen.auth security improvement

---
 lib/galaxies_web/live/player_settings_live.ex | 2 +-
 lib/galaxies_web/player_auth.ex               | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/galaxies_web/live/player_settings_live.ex b/lib/galaxies_web/live/player_settings_live.ex
index e867dcd..32f8217 100644
--- a/lib/galaxies_web/live/player_settings_live.ex
+++ b/lib/galaxies_web/live/player_settings_live.ex
@@ -68,7 +68,7 @@ defmodule GalaxiesWeb.PlayerSettingsLive do
           <input
             name={@password_form[:email].name}
             type="hidden"
-            id="hidden_players_email"
+            id="hidden_player_email"
             value={@current_email}
           />
           <.input field={@password_form[:password]} type="password" label="New password" required />
diff --git a/lib/galaxies_web/player_auth.ex b/lib/galaxies_web/player_auth.ex
index 2d8ac9a..b79137b 100644
--- a/lib/galaxies_web/player_auth.ex
+++ b/lib/galaxies_web/player_auth.ex
@@ -60,6 +60,8 @@ defmodule GalaxiesWeb.PlayerAuth do
   #     end
   #
   defp renew_session(conn) do
+    delete_csrf_token()
+
     conn
     |> configure_session(renew: true)
     |> clear_session()