Sign-in button → account app, clear old shared cookie

- Nav sign-in links point to account_url('/') instead of login_url()
- After-request hook clears old blog_session cookie on .rose-ash.com
  (prevents collision with new per-app first-party cookies)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

browser/templates/_types/root/_sign_in.html

@@ -1,6 +1,6 @@
 
   <a
-    href="{{ login_url(request.url) }}"
+    href="{{ account_url('/') }}"
     aria-selected="{{ 'true' if '/auth/login' in request.path else 'false' }}"
     class="justify-center cursor-pointer flex flex-row items-center p-3 gap-2 rounded bg-stone-200 text-black {{select_colours}}"
     data-close-details

browser/templates/_types/root/mobile/_sign_in.html

@@ -1,6 +1,6 @@
 
   <a
-    href="{{ login_url(request.url) }}"
+    href="{{ account_url('/') }}"
     aria-selected="{{ 'true' if '/auth/login' in request.path else 'false' }}"
   >
     <i class="fa-solid fa-key"></i>

infrastructure/factory.py

@@ -127,6 +127,13 @@ def create_base_app(
         await protect()
 
     # --- after-request hooks ---
+    # Clear old shared-domain session cookie (migration from .rose-ash.com)
+    @app.after_request
+    async def _clear_old_shared_cookie(response):
+        if request.cookies.get("blog_session"):
+            response.delete_cookie("blog_session", domain=".rose-ash.com", path="/")
+        return response
+
     @app.after_request
     async def _add_hx_preserve_search_header(response):
         value = request.headers.get("X-Search")