users: fix session name split when site_title not yet in kernel_config

getSiteCookieName() fell back to 'bit-user-bitweaver' whenever kernel_config
hadn't loaded site_title (e.g. during installer/upgrade flow). This created
a second cookie alongside the real 'bit-user-<site>' cookie, causing every
cross-page redirect to land in a different session and lose loginfrom, admin
status, and installer step state.

Fix: if site_title is empty, reuse any existing bit-user-* cookie already
present in the request rather than generating a new 'bitweaver' name.

Also: after successful admin login, redirect to the installer directly when
a version upgrade is pending (bypasses the broken loginfrom-via-session path
for the INSTALLER_FORCE case).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

0 files changed, 0 insertions, 0 deletions