there are no other security issues ... that I'm aware off.
That you are aware of.
Please refer to specific lines of code as your comments are at best spurious.
I'm not here to do your homework for you.
Don't guess as to how you think the web works. Read the relevant RFCs. Read working and tested code if you're determined to do it your own way. Do it right or do it wrong—I don't care—but if you're going to claim that you're doing something better than everyone else, at least do the world the credit of trying to get it right.