State minimization in MuSig2 signing sessions

It seems to me that this is the unsafe case.

  • The attacker sends you a PSBT
  • You generate a secnonce and sign with it
  • The attacker tells you that something went wrong, and sends you the same PSBT again with the same session_id
  • So you generate the exact same secnonce and sign again with it

This is precisely what should not happen. Or why would this attack be prevented?