Reset session token after logged in

TechAndCheck · Dec 20, 2024 · 083eebd · 083eebd
1 parent 4ac4dca
commit 083eebd
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/users/sessions_controller.rb
@@ -160,6 +160,7 @@ def finish_mfa_webauthn_validation
       sign_in(user)
 
       if session[:token]
+        session[:token] = nil
         render json: {
                 authentication_status: "success",
                 redirect: remote_token_path # The token is rotated when the page is visited