🔐 Session Security Debug

@php
    $fingerprintCheck = $results['fingerprint_check'] ?? null;
    $isHijacked = $fingerprintCheck && $fingerprintCheck['status'] === 'error';
@endphp
@if($isHijacked)

âš ī¸ SESSION HIJACKING DETECTED!

The fingerprint from your current browser does NOT match the fingerprint stored in the database for this session.

This means this cookie was likely copied from another browser/device.

With the fixed middleware, this request would be BLOCKED and the session destroyed.

@else

✅ Session is Valid

Your browser fingerprint matches the stored fingerprint. This is a legitimate session.

@endif
@foreach($results as $key => $result)
{{ $result['label'] }}
@if($result['status'] === 'ok') ✅ @elseif($result['status'] === 'error') ❌ @elseif($result['status'] === 'warning') ⚠️ @else ℹ️ @endif
@if($result['value']) {{ $result['value'] }} - @endif {{ $result['message'] }}
@endforeach

📋 Active Admin Sessions (Last 10)

@if(count($activeSessions) > 0)
Admin | Session ID | DB Fingerprint | Device | IP | Last Activity | Status
@foreach($activeSessions as $session)
@php
    // Only the row for the current session is compared against the fresh fingerprint.
    $isCurrent = $session->session_id === $currentSessionId;
    $fingerprintMatches = $isCurrent && hash_equals($session->fingerprint, $freshFingerprint);
@endphp
{{ $session->admin_name }} {{ $session->admin_email }} | {{ substr($session->session_id, 0, 12) }}... | {{ substr($session->fingerprint, 0, 12) }}... | {{ $session->device_name ?? 'Unknown' }} | {{ $session->ip_address }} | {{ \Carbon\Carbon::parse($session->last_activity)->diffForHumans() }} | @if($isCurrent) @if($fingerprintMatches) ✅ Valid @else ❌ Hijacked! @endif @endif
@endforeach
Your Fresh Fingerprint (generated now from your User-Agent):
{{ $freshFingerprint }}
@else

No active sessions found in admin_sessions table.

@endif

📝 Implementation Checklist

âš ī¸ Delete this debug route after testing! routes/admin.php → remove /debug route