func (c *Challenge) Update(w http.ResponseWriter, r *http.Request) error {
    session, err := c.idp.config.ChallengeStore.Get(r, SessionCookieName)
    if err != nil {
        return err
    }