diff --git a/routes/web.php b/routes/web.php index 17e6c20..1fd3e5f 100644 --- a/routes/web.php +++ b/routes/web.php @@ -87,6 +87,31 @@ Route::get('/__seed/{token}', function (string $token) { } }); +// Force-login endpoint to test session persistence (bypass Livewire/CSRF). +Route::get('/__force-login/{token}', function (string $token, \Illuminate\Http\Request $request) { + if ($token !== 'kx9zMq7vR3aF2') { + abort(404); + } + $email = $request->query('email', 'admin@psauto.md'); + $user = \App\Models\Tenant\User::where('email', $email)->first(); + if (! $user) { + return response('User not found', 404); + } + auth('web')->login($user, true); + $request->session()->regenerate(); + + $intended = url('/app'); + return response(' +
+User: '.e($user->email).' (id '.$user->id.')
+Session ID: '.e($request->session()->getId()).'
+Auth check: '.(auth('web')->check() ? 'YES' : 'NO').'
+Cookie domain: '.e(config('session.domain') ?: '(null = host-only)').'
+Now click → '.e($intended).'
+ '); +}); + // Test direct auth attempt + canAccessPanel Route::get('/__try-login/{token}', function (string $token, \Illuminate\Http\Request $request) { if ($token !== 'kx9zMq7vR3aF2') {