myron 8f5362aa95 Fix admin login: replace PHP sessions with HMAC cookie auth
PHP sessions were unreliable on this host — the web process could write
session files but LiteSpeed served cached login-page responses on the
redirect, bypassing PHP entirely.

Replace sessions with a self-contained signed cookie:
- On login: generate random 32-byte token + expiry, sign with HMAC-SHA256
- On each request: verify signature and expiry — no filesystem reads needed
- Cookie: Secure, HttpOnly, SameSite=Lax, path=/admin/, 24h expiry
- admin/.htaccess: CacheEnable off + no-store headers to prevent LiteSpeed
  from caching admin responses

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-22 14:15:33 +00:00
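The sign-and-verify flow listed in the commit message above, as an added PHP example; it is not the repository's code. The cookie name `admin_auth`, the `token.expiry.mac` value layout, and the function names are assumptions.

```php
<?php
declare(strict_types=1);
// Added illustration, not the repository's code. The cookie name, the
// "token.expiry.mac" layout and all function names are assumptions.
const COOKIE_NAME = 'admin_auth';
const COOKIE_TTL  = 86400; // 24h, as in the commit message

function issue_cookie_value(string $key, int $now): string
{
    $payload = bin2hex(random_bytes(32)) . '.' . ($now + COOKIE_TTL);
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

function verify_cookie_value(string $value, string $key, int $now): bool
{
    $parts = explode('.', $value);
    if (count($parts) !== 3) {
        return false;
    }
    [$token, $expiry, $mac] = $parts;
    if (strlen($token) !== 64 || !ctype_xdigit($token) || !ctype_digit($expiry)) {
        return false;
    }
    // Recompute the MAC over token and expiry; compare in constant time.
    $expected = hash_hmac('sha256', $token . '.' . $expiry, $key);
    return hash_equals($expected, $mac) && (int) $expiry > $now;
}

function send_cookie(string $value, int $now): void
{
    setcookie(COOKIE_NAME, $value, [
        'expires' => $now + COOKIE_TTL, 'path' => '/admin/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
}

// Constructed demo values: random key, fixed clock.
$key = random_bytes(32);
$now = 1700000000;
$cookie = issue_cookie_value($key, $now);
[$t, $e, $m] = explode('.', $cookie);
$cases = [
    'fresh cookie'            => [$cookie, $now + 60],
    'expiry edited by client' => [$t . '.' . ((int) $e + 86400) . '.' . $m, $now + 60],
    'replayed after 24h'      => [$cookie, $now + COOKIE_TTL + 1],
];
foreach ($cases as $label => [$value, $at]) {
    printf("%-24s %s\n", $label, verify_cookie_value($value, $key, $at) ? 'accepted' : 'rejected');
}
```

Because nothing is stored server-side, a cookie issued this way stays valid until its signed expiry unless the signing key is rotated.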
2026-05-22 12:52:49 +00:00
Description
Mirror of github.com/myronblair/parkerslingshotrentals
118 KiB
Languages
PHP 70.5%
HTML 29.5%