mirror of
https://github.com/myronblair/parkerslingshotrentals
synced 2026-06-30 17:50:31 -05:00
654aecc2dd
Cookies failed consistently in real browsers despite working in curl. Replaced with DB-stored token passed as ?_t=TOKEN in URL:

- Login generates 64-char hex token, stores in admin_tokens table
- Redirect to /admin/?_t=TOKEN after successful login
- Every request validated via DB lookup (no cookies needed)
- All 7 AJAX calls include &_t=TOKEN in POST body
- Logout deletes token from DB
- Requires admin_tokens table (created in DB)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
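The token lifecycle listed in the commit message (issue at login, DB lookup on every request, delete at logout), as an added example that is not code from this repository. It assumes Python with an in-memory SQLite database; the `admin_tokens` column layout and all function names are hypothetical, and `redact` is an addition that masks `_t` before a URL reaches an access log, since the token travels in the query string.

```python
import re
import secrets
import sqlite3
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

HEX64 = re.compile(r"[0-9a-f]{64}")

def open_db():
    # In-memory stand-in for the site's database; the column layout is assumed.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admin_tokens (token TEXT PRIMARY KEY, username TEXT NOT NULL)")
    return db

def login(db, username):
    """Issue a 64-char hex token, store it, and return it with the redirect target."""
    token = secrets.token_hex(32)  # 32 random bytes -> 64 hex characters
    db.execute("INSERT INTO admin_tokens (token, username) VALUES (?, ?)", (token, username))
    return token, "/admin/?" + urlencode({"_t": token})

def validate(db, url_or_body):
    """Return the username for the _t value in a URL or POST body, else None."""
    query = urlsplit(url_or_body).query if "?" in url_or_body else url_or_body
    token = dict(parse_qsl(query)).get("_t", "")
    if not HEX64.fullmatch(token):  # reject malformed values before touching the DB
        return None
    row = db.execute("SELECT username FROM admin_tokens WHERE token = ?", (token,)).fetchone()
    return row[0] if row else None

def logout(db, token):
    """Delete the token so any later request carrying it fails validation."""
    db.execute("DELETE FROM admin_tokens WHERE token = ?", (token,))

def redact(url):
    """Mask _t before a URL is written to an access log or error report."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k == "_t" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))
```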