Skip to main content

admin_login

Function admin_login 

Source
pub fn admin_login(
    form: Form<LoginForm>,
    cookies: &CookieJar<'_>,
    pool: &State<DbPool>,
) -> Redirect
Expand description

Processes sign-in (POST /admin/login): validates the token against auth.rerun_tokens; on success opens a server-side session and sets the ADMIN_COOKIE cookie to its random opaque id (HttpOnly, SameSite=Lax) — the cookie no longer carries the token — then redirects to the validated next destination (default /admin). A bad token (or a DB hiccup opening the session) returns to the sign-in page flagged, preserving next.