Fix CSRF token handling: add session to index.php, fix cookie_secure for HTTPS

contact-handler.php

@@ -1,5 +1,8 @@
 <?php
 // Enhanced Contact Form Handler with Security
+ini_set('session.cookie_samesite', 'Lax');
+ini_set('session.cookie_httponly', '1');
+ini_set('session.cookie_secure', '1');
 session_start();
 
 // Form handler restored - temporary fix removed