[Enhancement] Account: Orphaned template templates/account/sessions.php — zero render references; superseded by the sessions card in profile/settings.php

Area: Account & identity (audit phase 1) · Surface: platform/templates/account/sessions.php · Dimension: dead-code · Severity: minor

templates/account/sessions.php is a complete standalone Active Sessions page but is never rendered by any controller (grep for any render/include of 'account/sessions' returns zero hits). Its intended handler, activeSessions(), now returns JSON, and the functional session-management UI was reimplemented inline in profile/settings.php (the #sessionsCard block). The file is dead and duplicates markup (terminate-all / per-session terminate forms) that already exists and is maintained in settings.php.

Evidence

The template is a full 88-line page (declares $pageTitle='Active Sessions', ob_start(), card markup):
$ wc -l platform/templates/account/sessions.php  -> 88

Proof of ZERO inbound render/include references:
$ grep -rn "render('account/sessions'" platform/src/   -> (no output, exit 1)
$ grep -rn "account/sessions.php|include.*account/sessions|require.*account/sessions" platform/src/ platform/templates/  -> (no output, exit 1)

The only handler that could render it (activeSessions) instead returns JSON (AccountController.php:1228 $this->json(...)). The live session UI lives elsewhere:
platform/templates/profile/settings.php:975-985 ("<!-- Active Sessions -->" card #sessionsCard with terminate-all + per-session forms), rendered by AccountController@showSettings at /account/settings.

Suggested fix. Delete platform/templates/account/sessions.php after repointing the dashboard Manage link to /account/settings. The session management surface is fully covered by the sessionsCard block in profile/settings.php.

Filed by the automated tenant-app audit (phase 1) and adversarially evidence-verified. Status: verified. Open — not yet actioned.