diff --git a/context/context.go b/context/context.go
index b14e422..fe1d1bf 100644
--- a/context/context.go
+++ b/context/context.go
@@ -2,4 +2,5 @@ package context
 
 const (
 	AuthenticatedUserKey = "auth_user"
+	FormKey              = "form"
 )
diff --git a/routes/forgot_password.go b/routes/forgot_password.go
index 20ef6d9..c57a34d 100644
--- a/routes/forgot_password.go
+++ b/routes/forgot_password.go
@@ -1,6 +1,7 @@
 package routes
 
 import (
+	"goweb/context"
 	"goweb/controller"
 	"goweb/msg"
 
@@ -10,7 +11,6 @@ import (
 type (
 	ForgotPassword struct {
 		controller.Controller
-		form ForgotPasswordForm
 	}
 
 	ForgotPasswordForm struct {
@@ -23,7 +23,12 @@ func (f *ForgotPassword) Get(c echo.Context) error {
 	p.Layout = "auth"
 	p.Name = "forgot-password"
 	p.Title = "Forgot password"
-	p.Data = f.form
+	p.Data = ForgotPasswordForm{}
+
+	if form := c.Get(context.FormKey); form != nil {
+		p.Data = form.(ForgotPasswordForm)
+	}
+
 	return f.RenderPage(c, p)
 }
 
@@ -35,16 +40,19 @@ func (f *ForgotPassword) Post(c echo.Context) error {
 	}
 
 	// Parse the form values
-	if err := c.Bind(&f.form); err != nil {
+	form := new(ForgotPasswordForm)
+	if err := c.Bind(form); err != nil {
 		return fail("unable to parse forgot password form", err)
 	}
+	c.Set(context.FormKey, *form)
 
 	// Validate the form
-	if err := c.Validate(f.form); err != nil {
-		f.SetValidationErrorMessages(c, err, f.form)
+	if err := c.Validate(form); err != nil {
+		f.SetValidationErrorMessages(c, err, form)
 		return f.Get(c)
 	}
 
-	// TODO
+	// TODO: generate and email a token
+
 	return f.Redirect(c, "home")
 }
diff --git a/routes/login.go b/routes/login.go
index 77d27a9..d4bec9f 100644
--- a/routes/login.go
+++ b/routes/login.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 
 	"goweb/auth"
+	"goweb/context"
 	"goweb/controller"
 	"goweb/ent"
 	"goweb/ent/user"
@@ -15,7 +16,6 @@ import (
 type (
 	Login struct {
 		controller.Controller
-		form LoginForm
 	}
 
 	LoginForm struct {
@@ -29,7 +29,12 @@ func (l *Login) Get(c echo.Context) error {
 	p.Layout = "auth"
 	p.Name = "login"
 	p.Title = "Log in"
-	p.Data = l.form
+	p.Data = LoginForm{}
+
+	if form := c.Get(context.FormKey); form != nil {
+		p.Data = form.(LoginForm)
+	}
+
 	return l.RenderPage(c, p)
 }
 
@@ -41,20 +46,22 @@ func (l *Login) Post(c echo.Context) error {
 	}
 
 	// Parse the form values
-	if err := c.Bind(&l.form); err != nil {
+	form := new(LoginForm)
+	if err := c.Bind(form); err != nil {
 		return fail("unable to parse login form", err)
 	}
+	c.Set(context.FormKey, *form)
 
 	// Validate the form
-	if err := c.Validate(l.form); err != nil {
-		l.SetValidationErrorMessages(c, err, l.form)
+	if err := c.Validate(form); err != nil {
+		l.SetValidationErrorMessages(c, err, form)
 		return l.Get(c)
 	}
 
 	// Attempt to load the user
 	u, err := l.Container.ORM.User.
 		Query().
-		Where(user.Email(l.form.Email)).
+		Where(user.Email(form.Email)).
 		First(c.Request().Context())
 
 	if err != nil {
@@ -68,7 +75,7 @@ func (l *Login) Post(c echo.Context) error {
 	}
 
 	// Check if the password is correct
-	err = auth.CheckPassword(l.form.Password, u.Password)
+	err = auth.CheckPassword(form.Password, u.Password)
 	if err != nil {
 		msg.Danger(c, "Invalid credentials. Please try again.")
 		return l.Get(c)
diff --git a/routes/register.go b/routes/register.go
index 0913764..b8b7a16 100644
--- a/routes/register.go
+++ b/routes/register.go
@@ -2,6 +2,7 @@ package routes
 
 import (
 	"goweb/auth"
+	"goweb/context"
 	"goweb/controller"
 	"goweb/msg"
 
@@ -11,7 +12,6 @@ import (
 type (
 	Register struct {
 		controller.Controller
-		form RegisterForm
 	}
 
 	RegisterForm struct {
@@ -27,7 +27,11 @@ func (r *Register) Get(c echo.Context) error {
 	p.Layout = "auth"
 	p.Name = "register"
 	p.Title = "Register"
-	p.Data = r.form
+	p.Data = RegisterForm{}
+
+	if form := c.Get(context.FormKey); form != nil {
+		p.Data = form.(RegisterForm)
+	}
 
 	return r.RenderPage(c, p)
 }
@@ -40,18 +44,20 @@ func (r *Register) Post(c echo.Context) error {
 	}
 
 	// Parse the form values
-	if err := c.Bind(&r.form); err != nil {
+	form := new(RegisterForm)
+	if err := c.Bind(form); err != nil {
 		return fail("unable to parse form values", err)
 	}
+	c.Set(context.FormKey, *form)
 
 	// Validate the form
-	if err := c.Validate(r.form); err != nil {
-		r.SetValidationErrorMessages(c, err, r.form)
+	if err := c.Validate(form); err != nil {
+		r.SetValidationErrorMessages(c, err, form)
 		return r.Get(c)
 	}
 
 	// Hash the password
-	pwHash, err := auth.HashPassword(r.form.Password)
+	pwHash, err := auth.HashPassword(form.Password)
 	if err != nil {
 		return fail("unable to hash password", err)
 	}
@@ -59,8 +65,8 @@ func (r *Register) Post(c echo.Context) error {
 	// Attempt creating the user
 	u, err := r.Container.ORM.User.
 		Create().
-		SetName(r.form.Name).
-		SetEmail(r.form.Email).
+		SetName(form.Name).
+		SetEmail(form.Email).
 		SetPassword(pwHash).
 		Save(c.Request().Context())