myron 8f5362aa95 Fix admin login: replace PHP sessions with HMAC cookie auth
PHP sessions were unreliable on this host — the web process could write
session files but LiteSpeed served cached login-page responses on the
redirect, bypassing PHP entirely.

Replace sessions with a self-contained signed cookie:
- On login: generate random 32-byte token + expiry, sign with HMAC-SHA256
- On each request: verify signature and expiry — no filesystem reads needed
- Cookie: Secure, HttpOnly, SameSite=Lax, path=/admin/, 24h expiry
- admin/.htaccess: CacheEnable off + no-store headers to prevent LiteSpeed
  from caching admin responses

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-22 14:15:33 +00:00
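The signed-cookie scheme the commit message describes (random 32-byte token plus expiry, HMAC-SHA256 over both, verified on every request without touching the filesystem), written out as an added example that is not the project's own code. It assumes an ADMIN_COOKIE_SECRET environment variable holding a long random secret; the cookie name admin_auth and the function names are illustrative.

```php
<?php
// Added example (not the project's code): the scheme the commit message describes,
// a random 32-byte token plus expiry, HMAC-SHA256 signed, verified per request
// with no session file. Assumed: ADMIN_COOKIE_SECRET env var holds a long random
// secret; the cookie name "admin_auth" is illustrative.

const ADMIN_COOKIE = 'admin_auth';
const ADMIN_TTL    = 24 * 3600; // 24h, as in the commit

function admin_secret(): string {
    $s = getenv('ADMIN_COOKIE_SECRET');
    if ($s === false || strlen($s) < 32) {
        throw new RuntimeException('ADMIN_COOKIE_SECRET missing or too short');
    }
    return $s;
}

// Cookie value layout: hex(token) . '|' . expiry . '|' . hex(hmac)
function admin_cookie_value(int $now, string $secret): string {
    $payload = bin2hex(random_bytes(32)) . '|' . ($now + ADMIN_TTL);
    return $payload . '|' . hash_hmac('sha256', $payload, $secret);
}

// Per-request check: well-formed, MAC matches (constant-time), not expired.
function admin_cookie_valid(?string $value, int $now, string $secret): bool {
    if ($value === null) return false;
    $parts = explode('|', $value);
    if (count($parts) !== 3) return false;
    [$token, $expiry, $mac] = $parts;
    if (strlen($token) !== 64 || !ctype_xdigit($token)) return false;
    if (!ctype_digit($expiry) || !ctype_xdigit($mac)) return false;
    $expected = hash_hmac('sha256', $token . '|' . $expiry, $secret);
    if (!hash_equals($expected, $mac)) return false; // verify MAC before trusting expiry
    return (int)$expiry > $now;
}

// After a successful login: attributes as listed in the commit message.
function admin_issue_cookie(string $secret): void {
    setcookie(ADMIN_COOKIE, admin_cookie_value(time(), $secret), [
        'expires'  => time() + ADMIN_TTL,
        'path'     => '/admin/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

// At the top of every admin page:
// if (!admin_cookie_valid($_COOKIE[ADMIN_COOKIE] ?? null, time(), admin_secret())) { /* redirect to login */ }
```

Because nothing is stored server-side, a cookie cannot be revoked individually before its expiry; rotating ADMIN_COOKIE_SECRET invalidates every issued cookie at once.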


<IfModule LiteSpeed>
CacheEnable off
</IfModule>
Header always set Cache-Control "no-store, no-cache, must-revalidate"
Header always set Pragma "no-cache"