hold session key in POST data

[httpchat] / index.cgi

diff --git a/index.cgi b/index.cgi
index 194ac98e3477de31d5343fa2827eeac690392865..f44d288db0e41ba30f093e2a1c485424b61172ed 100755 (executable)
--- a/index.cgi
+++ b/index.cgi
@@ -33,11 +33,12 @@ yield_page(){
 settings_menu(){
   printf '
     [form #settings method="POST" action="?"
+      [hidden "session_key" "%s"]
       [h1 Settings][a .settings href="?" Close]'
   printf '
       [a .section href="#nick" Nickname]
       [div #nick [input name="nickname" value="%s"][submit "action" "nick" Set Cookie]]
-  ' "$(HTML "${nickname#\?}")"
+  ' "$SESSION_KEY" "$(HTML "${nickname#\?}")"
   printf '
       [a .section href="#register" Register Nickname]
       [div #register