diff --git a/src/auth/csrf.rs b/src/auth/csrf.rs
index d59fa1d..55a6cd3 100644
--- a/src/auth/csrf.rs
+++ b/src/auth/csrf.rs
@@ -15,7 +15,7 @@ impl CSRF for User {
     ///
     /// This is useful for htmx requests to update the CSRF token in place.
     async fn update_csrf(&self) -> PreEscaped<String> {
-        html! { script { (format!("document.getElementById('csrf').value = '{}';", self.get_csrf().await)) }; }
+        html! { script { (format!("document.querySelectorAll('.csrf').forEach(element => {{ element.value = '{}'; }});", self.get_csrf().await)) }; }
     }
 
     /// Get CSRF Token for the current session
diff --git a/src/auth/session.rs b/src/auth/session.rs
index 5a35129..1c7068b 100644
--- a/src/auth/session.rs
+++ b/src/auth/session.rs
@@ -41,7 +41,7 @@ pub trait Sessions {
     fn api_key(&self, name: &str) -> impl std::future::Future<Output = Session>;
     fn session(&self) -> impl std::future::Future<Output = Session>;
     fn list_sessions(&self) -> impl std::future::Future<Output = Vec<Session>>;
-    fn end_session(&self) -> impl std::future::Future<Output = ()>;
+    fn end_session(&self, id: &str) -> impl std::future::Future<Output = ()>;
 }
 
 impl Sessions for User {
@@ -60,9 +60,9 @@ impl Sessions for User {
     }
 
     /// End a user session
-    async fn end_session(&self) {
-        sqlx::query("DELETE FROM user_session WHERE token = $1")
-            .bind(&self.session)
+    async fn end_session(&self, id: &str) {
+        sqlx::query("DELETE FROM user_session WHERE id = $1")
+            .bind(id)
             .execute(get_pg!())
             .await
             .unwrap();