Refactor CSRF token (#32216)

2 files changed, 3 insertions, 5 deletions

diff --git a/services/auth/auth.go b/services/auth/auth.go
index a2523a2452..43ff95f053 100644
--- a/services/auth/auth.go
+++ b/services/auth/auth.go
@@ -103,8 +103,8 @@ func handleSignIn(resp http.ResponseWriter, req *http.Request, sess SessionStore
 
 	middleware.SetLocaleCookie(resp, user.Language, 0)
 
-	// Clear whatever CSRF has right now, force to generate a new one
+	// force to generate a new CSRF token
 	if ctx := gitea_context.GetWebContext(req); ctx != nil {
-		ctx.Csrf.DeleteCookie(ctx)
+		ctx.Csrf.PrepareForSessionUser(ctx)
 	}
 }
diff --git a/services/context/csrf.go b/services/context/csrf.go
index 9b66d613e3..7b475a8fd8 100644
--- a/services/context/csrf.go
+++ b/services/context/csrf.go
@@ -129,10 +129,8 @@ func (c *csrfProtector) PrepareForSessionUser(ctx *Context) {
 	}
 
 	if needsNew {
-		// FIXME: actionId.
 		c.token = GenerateCsrfToken(c.opt.Secret, c.id, "POST", time.Now())
-		cookie := newCsrfCookie(&c.opt, c.token)
-		ctx.Resp.Header().Add("Set-Cookie", cookie.String())
+		ctx.Resp.Header().Add("Set-Cookie", newCsrfCookie(&c.opt, c.token).String())
 	}
 
 	ctx.Data["CsrfToken"] = c.token