Add more secure form handling

WebApp/Authentication/AuthController.cs

@@ -22,12 +22,11 @@ namespace WebApp.Authentication
         }
 
         [HttpPost]
-        [HttpGet] // Support both for navigation from Blazor
         [AllowAnonymous]
         public async Task<IActionResult> CookieLogin(
-            string email,
-            string password,
-            bool rememberMe = false)
+            [FromForm] string email,
+            [FromForm] string password,
+            [FromForm] bool rememberMe = false)
         {
             try
             {
@@ -42,8 +41,8 @@ namespace WebApp.Authentication
                         "Login attempt from locked out IP: {IpAddress}. Remaining: {Remaining}",
                         ipAddress, remaining);
 
-                    TempData["LoginError"] = $"Too many failed attempts. Try again in {remaining?.Minutes ?? 15} minutes.";
-                    return Redirect("/login");
+                    var errorMsg = Uri.EscapeDataString($"Too many failed attempts. Try again in {remaining?.Minutes ?? 15} minutes.");
+                    return Redirect($"/login?error={errorMsg}");
                 }
 
                 // Validate credentials
@@ -58,8 +57,7 @@ namespace WebApp.Authentication
                         "Failed login attempt for {Email} from {IpAddress}",
                         email, ipAddress);
 
-                    TempData["LoginError"] = "Invalid email or password.";
-                    return Redirect("/login");
+                    return Redirect("/login?error=Invalid%20email%20or%20password.");
                 }
 
                 // Success - clear rate limit tracking