diff --git a/src/auth/csrf.rs b/src/auth/csrf.rs
index 55a6cd3..c7beb59 100644
--- a/src/auth/csrf.rs
+++ b/src/auth/csrf.rs
@@ -15,7 +15,7 @@ impl CSRF for User {
     ///
     /// This is useful for htmx requests to update the CSRF token in place.
     async fn update_csrf(&self) -> PreEscaped<String> {
-        html! { script { (format!("document.querySelectorAll('.csrf').forEach(element => {{ element.value = '{}'; }});", self.get_csrf().await)) }; }
+        html! { script { (PreEscaped(format!("document.querySelectorAll('.csrf').forEach(element => {{ element.value = '{}'; }});", self.get_csrf().await))) }; }
     }
 
     /// Get CSRF Token for the current session
diff --git a/src/auth/session.rs b/src/auth/session.rs
index 3b944c5..207120c 100644
--- a/src/auth/session.rs
+++ b/src/auth/session.rs
@@ -41,7 +41,7 @@ pub trait Sessions {
     fn api_key(&self, name: &str) -> impl std::future::Future<Output = Session>;
     fn session(&self) -> impl std::future::Future<Output = Session>;
     fn list_sessions(&self) -> impl std::future::Future<Output = Vec<Session>>;
-    fn end_session(&self, id: &str) -> impl std::future::Future<Output = ()>;
+    fn end_session(&self, id: &uuid::Uuid) -> impl std::future::Future<Output = ()>;
 }
 
 impl Sessions for User {
@@ -60,7 +60,7 @@ impl Sessions for User {
     }
 
     /// End a user session
-    async fn end_session(&self, id: &str) {
+    async fn end_session(&self, id: &uuid::Uuid) {
         sqlx::query("DELETE FROM user_session WHERE id = $1 AND \"user\" = $2")
             .bind(id)
             .bind(&self.username)