Update post
Account security has been hardened across login and recovery flows
Codexa now protects authentication with persistent rate limits, password reset tokens, origin checks, and a full CSRF-token system across state-changing routes.
What changed
A concise summary of the work delivered in this release.
- Added persistent auth rate limiting for login, registration, and reset flows.
- Added one-time password reset tokens with expiry and active-session revocation after reset.
- Added origin protection for sensitive auth routes.
- Added a reusable CSRF-token system and protected POST wrapper across mutating routes.
User value
How this release improves the experience, workflow, or control users get from LoreKeep.
- Accounts are harder to brute-force or abuse through repeated failed attempts.
- Password recovery is now available without weakening session security.
- Mutating actions now have stronger protection against cross-site request abuse.
Full notes
Additional context, implementation notes, or rollout details for this release.
The authentication surface now has stronger protection against repeated abuse and unsafe cross-site requests. Login and registration use persistent database-backed rate limiting, password reset uses one-time tokens with expiry and session revocation, and state-changing requests now pass through shared CSRF and origin verification helpers.
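The reset-token behaviour described above (one-time use, expiry, session revocation after reset) can be sketched as follows. This is an added example, not code from the product: the `ResetStore` class, its in-memory dictionaries, the 15-minute lifetime, and the choice to store only a SHA-256 digest of each token are all assumptions made for illustration.

```python
import hashlib
import secrets
import time

RESET_TTL_SECONDS = 15 * 60  # assumed lifetime; the post does not state one


def _digest(token: str) -> str:
    # Only the hash is stored, so a leaked table yields no usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


class ResetStore:
    """In-memory stand-in (constructed) for the token and session tables."""

    def __init__(self):
        self.tokens = {}    # sha256(token) -> (user_id, expires_at)
        self.sessions = {}  # session_id -> user_id

    def issue(self, user_id, now=None):
        now = time.time() if now is None else now
        # A new request invalidates any token still outstanding for the user.
        self.tokens = {d: r for d, r in self.tokens.items() if r[0] != user_id}
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self.tokens[_digest(token)] = (user_id, now + RESET_TTL_SECONDS)
        return token  # sent to the user once, never stored in clear

    def redeem(self, token, now=None):
        """Return the user_id if the token is valid, else None."""
        now = time.time() if now is None else now
        # pop() removes the record whether or not it is still in date,
        # so a token can be presented at most once.
        record = self.tokens.pop(_digest(token), None)
        if record is None or now >= record[1]:
            return None
        user_id = record[0]
        # The caller stores the new password hash at this point, then every
        # active session for the account is dropped.
        self.sessions = {s: u for s, u in self.sessions.items() if u != user_id}
        return user_id
```

In a database-backed version the token delete, password update, and session delete belong in a single transaction, so a failure partway through cannot leave a consumed token with old sessions still alive.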
Release status
Current state
A quick snapshot of how this update is categorized and published.
Category
Security
Status
Live
Published
2026-03-01 21:00 UTC