Reset session token after logged in

TechAndCheck · Dec 20, 2024 · 1403e62 · 1403e62
1 parent 083eebd
commit 1403e62
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/app/controllers/users/sessions_controller.rb b/app/controllers/users/sessions_controller.rb
@@ -160,7 +160,7 @@ def finish_mfa_webauthn_validation
       sign_in(user)
 
       if session[:token]
-        session[:token] = nil
+        session.delete(:token)
         render json: {
                 authentication_status: "success",
                 redirect: remote_token_path # The token is rotated when the page is visited