Login system security fixes

@sbrl sbrl released this 10 Jan 11:08
· 1844 commits to master since this release

This is a relatively minor release, but with one critical bug fix.

It was pointed out on reddit that the login system was insecure:

/u/lordastley said:
If I'm reading that code correctly, you're storing user auth completely in the cookie instead of using sessions (for instance), which is rather insecure.
If I can get a copy of someone's cookie, snoop their network traffic, etc., I can authenticate as them.

This release switches from storing login details in cookies to using PHP sessions. This does mean that your server must have session support, but hopefully that won't be a big problem.
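
The two approaches side by side, as an added illustration rather than the wiki's own code: the cookie key `user`, the function names and the `$users` table of `password_hash()` values are assumptions made for the example.

```php
<?php
// Added example, not Pepperminty Wiki's code. The $_COOKIE['user'] key,
// the function names and the $users table are assumptions.

// BEFORE: the flaw the reddit comment describes. The cookie value *is* the
// identity, so anyone holding a copy of the cookie is that user.
function current_user_cookie_based(): ?string {
    return $_COOKIE['user'] ?? null;   // client-controlled, no integrity check
}

// AFTER: the identity lives server-side in $_SESSION; the browser only holds
// an opaque session id. A copied id would still be a problem, so the id is
// regenerated on login and the cookie is HTTPS-only, HttpOnly and SameSite.
function start_secure_session(): void {
    if (session_status() === PHP_SESSION_ACTIVE) return;
    session_set_cookie_params([        // array form: PHP >= 7.3
        'lifetime' => 0,               // expires with the browser session
        'path'     => '/',
        'secure'   => true,            // never sent over plain HTTP
        'httponly' => true,            // not readable from JavaScript
        'samesite' => 'Strict',
    ]);
    session_start();
}

// $users maps username => password_hash() output, e.g.
// ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)] (constructed)
function login(string $username, string $password, array $users): bool {
    start_secure_session();
    if (!isset($users[$username]) || !password_verify($password, $users[$username])) {
        return false;
    }
    session_regenerate_id(true);       // discard any pre-login id (fixation)
    $_SESSION['user'] = $username;
    return true;
}

function current_user(): ?string {
    start_secure_session();
    return $_SESSION['user'] ?? null;  // trusted: set only by login()
}

function logout(): void {
    start_secure_session();
    $_SESSION = [];
    session_destroy();
}
```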

Installation / updating instructions can be found in the README.