diff --git a/authority/authority.go b/authority/authority.go
index d02e194..93f8b67 100644
--- a/authority/authority.go
+++ b/authority/authority.go
@@ -77,7 +77,7 @@ func (authority *Authority) Authorize(roles ...string) func(http.Handler) http.H
 				return
 			}
 
-			authority.Auth.Flash(req, session.Message{Message: AccessDeniedFlashMessage})
+			authority.Auth.Flash(w, req, session.Message{Message: AccessDeniedFlashMessage})
 			http.Redirect(w, req, authority.Config.RedirectPathAfterAccessDenied, http.StatusSeeOther)
 		})
 	}
diff --git a/authority/middleware.go b/authority/middleware.go
index ef0ef98..804e6d4 100644
--- a/authority/middleware.go
+++ b/authority/middleware.go
@@ -37,7 +37,7 @@ func (authority *Authority) Middleware(handler http.Handler) http.Handler {
 			now := time.Now()
 			claims.LastActiveAt = &now
 
-			authority.Auth.Update(claims, req)
+			authority.Auth.Update(w, req, claims)
 		}
 
 		handler.ServeHTTP(w, req)
diff --git a/providers/password/confirm.go b/providers/password/confirm.go
index da48152..777df57 100644
--- a/providers/password/confirm.go
+++ b/providers/password/confirm.go
@@ -86,7 +86,7 @@ var DefaultConfirmHandler = func(context *auth.Context) error {
 					now := time.Now()
 					authInfo.ConfirmedAt = &now
 					if err = tx.Model(authIdentity).Update(authInfo).Error; err == nil {
-						context.SessionStorer.Flash(context.Request, session.Message{Message: ConfirmedAccountFlashMessage, Type: "success"})
+						context.SessionStorer.Flash(context.Writer, context.Request, session.Message{Message: ConfirmedAccountFlashMessage, Type: "success"})
 						context.Auth.Redirector.Redirect(context.Writer, context.Request, "confirm")
 						return nil
 					}
diff --git a/providers/password/handlers.go b/providers/password/handlers.go
index eb0b985..a74ceb7 100644
--- a/providers/password/handlers.go
+++ b/providers/password/handlers.go
@@ -85,7 +85,7 @@ var DefaultRegisterHandler = func(context *auth.Context) (*claims.Claims, error)
 		authIdentity := reflect.New(utils.ModelType(context.Auth.Config.AuthIdentityModel)).Interface()
 		if err = tx.Where(authInfo).FirstOrCreate(authIdentity).Error; err == nil {
 			if provider.Config.Confirmable {
-				context.SessionStorer.Flash(req, session.Message{Message: ConfirmFlashMessage, Type: "success"})
+				context.SessionStorer.Flash(context.Writer, req, session.Message{Message: ConfirmFlashMessage, Type: "success"})
 				err = provider.Config.ConfirmMailer(schema.Email, context, authInfo.ToClaims(), currentUser)
 			}
 
diff --git a/providers/password/password.go b/providers/password/password.go
index f513037..eea4033 100644
--- a/providers/password/password.go
+++ b/providers/password/password.go
@@ -147,14 +147,14 @@ func (provider Provider) ServeHTTP(context *auth.Context) {
 					}
 
 					if err == nil {
-						context.SessionStorer.Flash(req, session.Message{Message: ConfirmFlashMessage, Type: "success"})
+						context.SessionStorer.Flash(context.Writer, req, session.Message{Message: ConfirmFlashMessage, Type: "success"})
 						context.Auth.Redirector.Redirect(context.Writer, context.Request, "send_confirmation")
 					}
 				}
 			}
 
 			if err != nil {
-				context.SessionStorer.Flash(req, session.Message{Message: template.HTML(err.Error()), Type: "error"})
+				context.SessionStorer.Flash(context.Writer, req, session.Message{Message: template.HTML(err.Error()), Type: "error"})
 			}
 			// render new confirmation page
 			context.Auth.Config.Render.Execute("auth/confirmation/new", context, context.Request, context.Writer)
@@ -162,7 +162,7 @@ func (provider Provider) ServeHTTP(context *auth.Context) {
 			// confirm user
 			err := provider.ConfirmHandler(context)
 			if err != nil {
-				context.SessionStorer.Flash(req, session.Message{Message: template.HTML(err.Error()), Type: "error"})
+				context.SessionStorer.Flash(context.Writer, req, session.Message{Message: template.HTML(err.Error()), Type: "error"})
 				context.Auth.Redirector.Redirect(context.Writer, context.Request, "confirm_failed")
 				return
 			}
@@ -173,7 +173,7 @@ func (provider Provider) ServeHTTP(context *auth.Context) {
 			// send recover password mail
 			err := provider.RecoverPasswordHandler(context)
 			if err != nil {
-				context.SessionStorer.Flash(req, session.Message{Message: template.HTML(err.Error()), Type: "error"})
+				context.SessionStorer.Flash(context.Writer, req, session.Message{Message: template.HTML(err.Error()), Type: "error"})
 				http.Redirect(context.Writer, context.Request, context.Auth.AuthURL("password/new"), http.StatusSeeOther)
 				return
 			}
@@ -185,13 +185,13 @@ func (provider Provider) ServeHTTP(context *auth.Context) {
 				}).Execute("auth/password/edit", context, context.Request, context.Writer)
 				return
 			}
-			context.SessionStorer.Flash(req, session.Message{Message: template.HTML(ErrInvalidResetPasswordToken.Error()), Type: "error"})
+			context.SessionStorer.Flash(context.Writer, req, session.Message{Message: template.HTML(ErrInvalidResetPasswordToken.Error()), Type: "error"})
 			http.Redirect(context.Writer, context.Request, context.Auth.AuthURL("password/new"), http.StatusSeeOther)
 		case "update":
 			// update password
 			err := provider.ResetPasswordHandler(context)
 			if err != nil {
-				context.SessionStorer.Flash(req, session.Message{Message: template.HTML(err.Error()), Type: "error"})
+				context.SessionStorer.Flash(context.Writer, req, session.Message{Message: template.HTML(err.Error()), Type: "error"})
 				http.Redirect(context.Writer, context.Request, context.Auth.AuthURL("password/new"), http.StatusSeeOther)
 				return
 			}
diff --git a/providers/password/reset_password.go b/providers/password/reset_password.go
index 23ae87a..dd0e823 100644
--- a/providers/password/reset_password.go
+++ b/providers/password/reset_password.go
@@ -76,7 +76,7 @@ var DefaultRecoverPasswordHandler = func(context *auth.Context) error {
 	err = provider.ResetPasswordMailer(email, context, authInfo.ToClaims(), currentUser)
 
 	if err == nil {
-		context.SessionStorer.Flash(context.Request, session.Message{Message: SendChangePasswordMailFlashMessage, Type: "success"})
+		context.SessionStorer.Flash(context.Writer, context.Request, session.Message{Message: SendChangePasswordMailFlashMessage, Type: "success"})
 		context.Auth.Redirector.Redirect(context.Writer, context.Request, "send_recover_password_mail")
 	}
 	return err
@@ -117,7 +117,7 @@ var DefaultResetPasswordHandler = func(context *auth.Context) error {
 	}
 
 	if err == nil {
-		context.SessionStorer.Flash(context.Request, session.Message{Message: ChangedPasswordFlashMessage, Type: "success"})
+		context.SessionStorer.Flash(context.Writer, context.Request, session.Message{Message: ChangedPasswordFlashMessage, Type: "success"})
 		context.Auth.Redirector.Redirect(context.Writer, context.Request, "reset_password")
 	}
 	return err