2 files changed, 16 insertions, 6 deletions

diff --git a/src/battle/query/btl_character_turn.erl b/src/battle/query/btl_character_turn.erl
index a65dc91..b23a02e 100644
--- a/src/battle/query/btl_character_turn.erl
+++ b/src/battle/query/btl_character_turn.erl
@@ -30,7 +30,9 @@ authenticate_user (Request) ->
    PlayerID = btl_character_turn_request:get_player_id(Request),
    SessionToken = btl_character_turn_request:get_session_token(Request),
 
-   shr_security:assert_identity(PlayerID, SessionToken),
+   Player = shr_timed_cache:fetch(player_db, any, PlayerID),
+
+   shr_security:assert_identity(SessionToken, Player),
    shr_security:lock_queries(PlayerID),
 
    ok.
diff --git a/src/battle/query/btl_load.erl b/src/battle/query/btl_load.erl
index 551ec41..a93120e 100644
--- a/src/battle/query/btl_load.erl
+++ b/src/battle/query/btl_load.erl
@@ -48,6 +48,17 @@ parse_input (Req) ->
       battle_id = BattleID
    }.
 
+-spec authenticate_user (input()) -> 'ok'.
+authenticate_user (Input) ->
+   PlayerID = Input#input.player_id,
+   SessionToken = Input#input.session_token,
+
+   Player = shr_timed_cache:fetch(player_db, any, PlayerID),
+
+   shr_security:assert_identity(SessionToken, Player),
+
+   ok.
+
 -spec fetch_data (input()) -> query_state().
 fetch_data (Input) ->
    PlayerID = Input#input.player_id,
@@ -60,6 +71,7 @@ fetch_data (Input) ->
       battle = Battle
    }.
 
+
 -spec generate_reply(query_state(), input()) -> binary().
 generate_reply (QueryState, Input) ->
    PlayerID = Input#input.player_id,
@@ -138,11 +150,7 @@ generate_reply (QueryState, Input) ->
 -spec handle (binary()) -> binary().
 handle (Req) ->
    Input = parse_input(Req),
-   shr_security:assert_identity
-   (
-      Input#input.player_id,
-      Input#input.session_token
-   ),
+   authenticate_user(Input),
    shr_security:lock_queries(Input#input.player_id),
    QueryState = fetch_data(Input),
    shr_security:unlock_queries(Input#input.player_id),