diff --git a/app/Filament/SuperAdmin/Pages/Auth/Login.php b/app/Filament/SuperAdmin/Pages/Auth/Login.php
index cd5cccd..c6711d5 100644
--- a/app/Filament/SuperAdmin/Pages/Auth/Login.php
+++ b/app/Filament/SuperAdmin/Pages/Auth/Login.php
@@ -2,14 +2,13 @@
 namespace App\Filament\SuperAdmin\Pages\Auth;
+use Filament\Auth\Http\Responses\Contracts\LoginResponse as LoginResponseContract;
+use Filament\Auth\Pages\Login as BaseLogin;
+use Filament\Facades\Filament;
 use Filament\Forms\Components\Checkbox;
 use Filament\Forms\Components\TextInput;
 use Filament\Forms\Concerns\InteractsWithForms;
 use Filament\Forms\Contracts\HasForms;
-use Filament\Auth\Pages\Login as BaseLogin;
-use Filament\Auth\Http\Responses\LoginResponse;
-use Filament\Auth\Http\Responses\Contracts\LoginResponse as LoginResponseContract;
-use Illuminate\Support\Facades\Auth;
 use Illuminate\Validation\ValidationException;
 class Login extends BaseLogin implements HasForms
@@ -22,16 +21,18 @@ class Login extends BaseLogin implements HasForms
 $credentials = $this->getCredentialsFromFormData($data);
- if (! Auth::attempt($credentials, $data['remember'] ?? false)) {
+ $authGuard = Filament::auth();
+
+ if (! $authGuard->attempt($credentials, $data['remember'] ?? false)) {
 throw ValidationException::withMessages([
 'data.email' => __('auth.failed'),
 ]);
 }
- $user = Auth::user();
+ $user = $authGuard->user();
 if (! $user->email_verified_at) {
- Auth::logout();
+ $authGuard->logout();
 throw ValidationException::withMessages([
 'data.email' => 'Your email address is not verified. Please check your email for a verification link.',
@@ -40,7 +41,7 @@ class Login extends BaseLogin implements HasForms
 // SuperAdmin-spezifisch: Prüfe auf SuperAdmin-Rolle, keine Tenant-Prüfung
 if ($user->role !== 'super_admin') {
- Auth::logout();
+ $authGuard->logout();
 throw ValidationException::withMessages([
 'data.email' => 'You do not have access to the SuperAdmin panel. Contact support.',
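Review bot: In the `authenticate()` hunk the `email_verified_at` and `role` checks run only after `$authGuard->attempt()` has already written the user into the session, so a tenant user with a valid password is briefly logged in against the super-admin guard before `logout()` undoes it, and the distinct error messages tell that user their password was accepted. Validating against the provider first and calling `login()` only once every check has passed removes the transient login; the reordered block is below and assumes the panel guard is Laravel's session guard (which exposes `getProvider()` and `login()`) — if `attempt()`'s `Failed` event or rehash-on-login matter, keep `attempt()` and just move the checks in front of it. Filament's base `authenticate()` also calls `session()->regenerate()` after a successful attempt; this override must do the same on its success path, which lies below the hunk, so please confirm it is still there. `authenticate()` begins and ends outside this hunk.

```php
$authGuard = Filament::auth();
$provider = $authGuard->getProvider();
$user = $provider->retrieveByCredentials($credentials);

// Fail closed with the generic message before any session state is written.
if (! $user || ! $provider->validateCredentials($user, $credentials)) {
    throw ValidationException::withMessages([
        'data.email' => __('auth.failed'),
    ]);
}

// … unchanged: email_verified_at and role checks, minus their logout() calls …

$authGuard->login($user, $data['remember'] ?? false);
session()->regenerate(); // session-fixation guard, as in the base Filament login
```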
@@ -82,4 +83,4 @@ class Login extends BaseLogin implements HasForms
 ->label('Remember me'),
 ];
 }
-}
\ No newline at end of file
+}
diff --git a/app/Http/Kernel.php b/app/Http/Kernel.php
index 9c25ff1..af6fca1 100644
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@@ -30,6 +30,7 @@ class Kernel extends HttpKernel
 */
 protected $middlewareGroups = [
 'web' => [
+ \App\Http\Middleware\UseSuperAdminSession::class,
 \App\Http\Middleware\EncryptCookies::class,
 \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
 \Illuminate\Session\Middleware\StartSession::class,
diff --git a/app/Http/Middleware/UseSuperAdminSession.php b/app/Http/Middleware/UseSuperAdminSession.php
index 8920444..cb4008c 100644
--- a/app/Http/Middleware/UseSuperAdminSession.php
+++ b/app/Http/Middleware/UseSuperAdminSession.php
@@ -4,6 +4,7 @@ namespace App\Http\Middleware;
 use Closure;
 use Illuminate\Http\Request;
+use Illuminate\Support\Str;
 use Symfony\Component\HttpFoundation\Response;
 class UseSuperAdminSession
@@ -15,8 +16,26 @@ class UseSuperAdminSession
 */
 public function handle(Request $request, Closure $next): Response
 {
- config(['session.cookie' => 'super_admin_session']);
+ if ($this->shouldUseSuperAdminSession($request)) {
+ config(['session.cookie' => 'super_admin_session']);
+ }
 return $next($request);
 }
+
+ protected function shouldUseSuperAdminSession(Request $request): bool
+ {
+ if (Str::startsWith($request->path(), 'super-admin')) {
+ return true;
+ }
+
+ $referer = $request->headers->get('referer');
+ if (! $referer) {
+ return false;
+ }
+
+ $refererPath = parse_url($referer, PHP_URL_PATH);
+
+ return is_string($refererPath) && Str::startsWith(ltrim($refererPath, '/'), 'super-admin');
+ }
 }
diff --git a/app/Providers/Filament/SuperAdminPanelProvider.php b/app/Providers/Filament/SuperAdminPanelProvider.php
index c2167be..5517de5 100644
--- a/app/Providers/Filament/SuperAdminPanelProvider.php
+++ b/app/Providers/Filament/SuperAdminPanelProvider.php
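Review bot: `Str::startsWith($request->path(), 'super-admin')` and its Referer twin in `shouldUseSuperAdminSession()` are character-prefix matches, so `/super-administrators` or `/super-admin-help` (any future route sharing those characters) would also be served under the super-admin cookie; match on path segments instead: `if ($request->is('super-admin', 'super-admin/*')) {` and for the Referer `$path = '/' . ltrim((string) $refererPath, '/'); return $path === '/super-admin' || Str::startsWith($path, '/super-admin/');`. The Referer fallback is also a client-controlled hint: it is absent under `Referrer-Policy: no-referrer`/`origin` or with privacy extensions, in which case a super-admin Livewire POST is silently handled under the default session, and nothing checks that the Referer host is this application, so `parse_url($referer, PHP_URL_HOST) === $request->getHost()` belongs in the condition as well. Longer term, scoping Livewire's update route to the panel prefix would remove the dependence on Referer entirely, but that is outside this diff.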
@@ -11,7 +11,6 @@ use App\Filament\Widgets\PlatformStatsWidget;
 use App\Filament\Widgets\RevenueTrendWidget;
 use App\Filament\Widgets\TopTenantsByRevenue;
 use App\Filament\Widgets\TopTenantsByUploads;
-use App\Http\Middleware\UseSuperAdminSession;
 use Boquizo\FilamentLogViewer\FilamentLogViewerPlugin;
 use Filament\Http\Middleware\Authenticate;
 use Filament\Http\Middleware\DisableBladeIconComponents;
@@ -73,7 +72,6 @@ class SuperAdminPanelProvider extends PanelProvider
 ])
 ->middleware([
 EncryptCookies::class,
- UseSuperAdminSession::class,
 AddQueuedCookiesToResponse::class,
 StartSession::class,
 AuthenticateSession::class,
diff --git a/routes/web.php b/routes/web.php
index 2063d0d..c067394 100644
--- a/routes/web.php
+++ b/routes/web.php
@@ -377,5 +377,6 @@ Route::middleware('auth')->group(function () {
 });
 Route::post('/paddle/webhook', [PaddleWebhookController::class, 'handle'])
+ ->withoutMiddleware([\App\Http\Middleware\VerifyCsrfToken::class])
 ->middleware('throttle:paddle-webhook')
 ->name('paddle.webhook');
diff --git a/tests/Feature/SuperAdminSessionMiddlewareTest.php b/tests/Feature/SuperAdminSessionMiddlewareTest.php
index f330e15..645756f 100644
--- a/tests/Feature/SuperAdminSessionMiddlewareTest.php
+++ b/tests/Feature/SuperAdminSessionMiddlewareTest.php
@@ -8,7 +8,7 @@ use Tests\TestCase;
 class SuperAdminSessionMiddlewareTest extends TestCase
 {
- public function test_middleware_sets_super_admin_session_cookie(): void
+ public function test_middleware_sets_super_admin_session_cookie_for_super_admin_routes(): void
 {
 config(['session.cookie' => 'laravel_session']);
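Review bot: With `VerifyCsrfToken` removed from the `/paddle/webhook` route, the throttle is the only gate in front of `PaddleWebhookController::handle`, so the handler must authenticate the request itself — verify Paddle's signature header (HMAC over the timestamp and the raw request body, compared with `hash_equals()`, with a freshness window on the timestamp) before acting on the payload; the controller is not part of this diff, so I cannot confirm it does. If that check is implemented as middleware, attach it on this route next to the throttle so the CSRF exemption and the signature check travel together. Note also that because the route lives in `routes/web.php` it still runs the whole `web` group, including session start and the now-global `UseSuperAdminSession`, none of which a server-to-server webhook needs; moving it under the `api` routes would drop CSRF and session handling without a per-route exemption.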
@@ -21,4 +21,33 @@ class SuperAdminSessionMiddlewareTest extends TestCase
 $this->assertSame('super_admin_session', config('session.cookie'));
 }
+
+ public function test_middleware_sets_super_admin_session_cookie_for_livewire_requests_with_super_admin_referer(): void
+ {
+ config(['session.cookie' => 'laravel_session']);
+
+ $middleware = new UseSuperAdminSession;
+ $request = Request::create('/livewire/update', 'POST');
+ $request->headers->set('referer', 'https://fotospiel.test/super-admin/login');
+
+ $middleware->handle($request, function () {
+ return response('ok');
+ });
+
+ $this->assertSame('super_admin_session', config('session.cookie'));
+ }
+
+ public function test_middleware_keeps_default_session_cookie_for_regular_routes(): void
+ {
+ config(['session.cookie' => 'laravel_session']);
+
+ $middleware = new UseSuperAdminSession;
+ $request = Request::create('/checkout', 'GET');
+
+ $middleware->handle($request, function () {
+ return response('ok');
+ });
+
+ $this->assertSame('laravel_session', config('session.cookie'));
+ }
 }
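Review bot: The two new tests cover only the positive side of the Referer fallback; nothing pins the negative cases that make it safe — a Livewire POST whose Referer points at a non-super-admin page such as `/checkout`, an unparseable Referer, or a prefix look-alike such as `/super-admin-help`, which the `Str::startsWith` check in `shouldUseSuperAdminSession()` currently accepts. Without those, a regression that widens the match would pass CI unnoticed. I would add a data-provider-driven test asserting the cookie name stays `laravel_session` for each of them; the look-alike case will fail until the matcher in the middleware is tightened to whole path segments, which is the point of including it. Only the class's closing brace lies outside this hunk.

```php
public static function nonSuperAdminReferers(): iterable
{
    yield 'other page' => ['https://fotospiel.test/checkout'];
    yield 'prefix look-alike' => ['https://fotospiel.test/super-admin-help'];
    yield 'unparseable' => ['not a url'];
}

#[\PHPUnit\Framework\Attributes\DataProvider('nonSuperAdminReferers')]
public function test_middleware_keeps_default_session_cookie_for_livewire_requests_with_other_referer(string $referer): void
{
    config(['session.cookie' => 'laravel_session']);

    $middleware = new UseSuperAdminSession;
    $request = Request::create('/livewire/update', 'POST');
    $request->headers->set('referer', $referer);

    $middleware->handle($request, function () {
        return response('ok');
    });

    $this->assertSame('laravel_session', config('session.cookie'));
}
```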