security update

index.html

@@ -10,7 +10,7 @@
     <script>
         // Проверка авторизации при загрузке страницы
         async function checkAuth() {
-            const response = await fetch('api/check_auth.php');
+            const response = await fetch('api/check_auth.php', { credentials: 'same-origin' });
             const result = await response.json();
             
             if (!result.isLoggedIn) {
@@ -23,9 +23,10 @@
         }
         
         async function logout() {
-            await fetch('api/logout.php');
-            localStorage.removeItem('user');
-            localStorage.removeItem('isLoggedIn');
+            await fetch('api/logout.php', {
+                method: 'POST',
+                credentials: 'same-origin'
+            });
             window.location.href = 'login.html';
         }