diff --git a/app/FrontendUnit.js b/app/FrontendUnit.js
index 79d93d3..35365bf 100644
--- a/app/FrontendUnit.js
+++ b/app/FrontendUnit.js
@@ -21,6 +21,10 @@ class FrontendUnit extends Unit {
         app.express.use('/app', [
             this.canon.get('middleware::auth:UserOnly'),
             (req, res, next) => {
+                if ( !req.user ) {
+                    return res.redirect('/auth/login')
+                }
+
                 const allowed_extensions = [
                     '.html', '.js', '.css', '.svg', '.ttf', '.jpg', '.png',
                     '.jpeg', '.webmanifest', '.json', '.eot', '.svg', '.cur',
diff --git a/frontend/src/module/routing.js b/frontend/src/module/routing.js
index b50ed0f..8a462d5 100644
--- a/frontend/src/module/routing.js
+++ b/frontend/src/module/routing.js
@@ -29,7 +29,8 @@ class Router {
     constructor() {
         try {
             const route = location.href.split(APP_BASE_PATH).filter(Boolean)[0].split(/[#?]/)[0]
-            if ( route ) {
+            if ( route && !route.toLowerCase().includes('http://') && !route.toLowerCase().includes('https://') ) {
+                console.log('resume route', route)
                 this.navigate(route, {})
             }
         } catch (e) {}