fix: fix csrf token handling after login

2025-09-15 07:11:15 +00:00 · 2025-03-29 17:21:54 +01:00
parent 6cbccf6d43
commit 3723e4cc75
2 changed files with 9 additions and 5 deletions
--- a/internal/app/api/core/middleware/csrf/middleware.go
+++ b/internal/app/api/core/middleware/csrf/middleware.go
@@ -68,14 +68,14 @@ func (m *Middleware) RefreshToken(next http.Handler) http.Handler {

 		// mask the token
 		maskedToken := maskToken(token, key)
-
-		// store the encoded token in the session
 		encodedToken := encodeToken(maskedToken)
-		m.o.sessionWriter(r, encodedToken)

 		// pass the token down the chain via the context
 		r = r.WithContext(setToken(r.Context(), encodedToken))

+		// store the token in the session
+		m.o.sessionWriter(r, encodedToken)
+
 		next.ServeHTTP(w, r)
 	})
 }