From 558fddd518f492b9bd614f96374729ca05159093 Mon Sep 17 00:00:00 2001
From: Tim Wundenberg <tim@wundenbergs.de>
Date: Wed, 18 Dec 2024 22:52:08 +0100
Subject: [PATCH] feat(security): #328 delete old sessions forgot password
 [tbs]

---
 handler/auth.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/handler/auth.go b/handler/auth.go
index dfc36f8..f533fa7 100644
--- a/handler/auth.go
+++ b/handler/auth.go
@@ -294,7 +294,7 @@ func (handler AuthImpl) handleChangePasswordComp() http.HandlerFunc {
 	return func(w http.ResponseWriter, r *http.Request) {
 
 		session := middleware.GetSession(r)
-		if session.User == nil {
+		if session == nil || session.User == nil {
 			utils.DoRedirect(w, r, "/auth/signin")
 			return
 		}